git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
libarchive: fix CVE-2025-5915
author Divya Chellam <divya.chellam@windriver.com>
Tue, 8 Jul 2025 10:23:53 +0000 (15:53 +0530)
committer Steve Sakoman <steve@sakoman.com>
Fri, 11 Jul 2025 16:55:25 +0000 (09:55 -0700)
commit 0787eb4ed528cde09ed8f27f070cc6875548f056
tree a843e444d2e7d4f577a6cb0c263f705e79e5739a
parent 674a3780bb76f4c8adf92d4f91cc9146d32787aa

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap
buffer over-read due to the size of a filter block potentially exceeding the
Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond
the allocated memory buffer, which can result in unpredictable program behavior, crashes
(denial of service), or the disclosure of sensitive information from adjacent memory regions.

Adjusted indentation in the recipe file.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5915

Upstream-patches:
https://github.com/libarchive/libarchive/commit/a612bf62f86a6faa47bd57c52b94849f0a404d8c

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/libarchive/libarchive/CVE-2025-5915.patch [new file with mode: 0644]
meta/recipes-extended/libarchive/libarchive_3.7.9.bb
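
The bug class named in the commit message (a filter block larger than the LZSS window causing a read past the allocation), shown as an added C example of the bounds check on a simplified sliding window. This is not libarchive's code or the upstream patch; the struct, the function names and the 8-byte sample window are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified model of an LZSS sliding window (hypothetical, not libarchive's type). */
struct lzss_window {
    uint8_t *buf;   /* backing storage, exactly `size` bytes */
    size_t   size;  /* window size, must be a power of two */
};

/* Copy a `len`-byte filter block starting at logical position `pos` into `out`.
 * Returns 0 on success, -1 when the request is rejected. */
int window_copy_block(const struct lzss_window *w, uint64_t pos,
                      size_t len, uint8_t *out, size_t out_cap)
{
    if (w == NULL || w->buf == NULL || out == NULL)
        return -1;
    /* Masking only wraps correctly for a non-zero power-of-two size. */
    if (w->size == 0 || (w->size & (w->size - 1)) != 0)
        return -1;
    /* Core check: a block bigger than the window cannot come from the window. */
    if (len > w->size || len > out_cap)
        return -1;

    size_t start = (size_t)(pos & (w->size - 1));
    size_t first = w->size - start;           /* bytes before the wrap point */
    if (first > len)
        first = len;
    memcpy(out, w->buf + start, first);
    memcpy(out + first, w->buf, len - first); /* wrapped remainder, may be 0 */
    return 0;
}

/* Constructed sample data; returns 1 when both cases behave as intended. */
int demo_window_copy(void)
{
    uint8_t storage[8] = {'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H'};
    struct lzss_window w = { storage, sizeof storage };
    uint8_t out[16];
    /* A 4-byte block at position 6 wraps around the window: "GHAB". */
    if (window_copy_block(&w, 6, 4, out, sizeof out) != 0) return 0;
    if (memcmp(out, "GHAB", 4) != 0) return 0;
    /* A 9-byte block exceeds the 8-byte window and must be refused. */
    if (window_copy_block(&w, 0, 9, out, sizeof out) != -1) return 0;
    return 1;
}

int main(void) { return demo_window_copy() ? 0 : 1; }
```

Without the `len > w->size` test, the second `memcpy` would read `len - first` bytes from the start of an 8-byte buffer even when that count is larger than the buffer itself.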