]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e1f3d02) | patch
libarchive: ignore CVE-2024-48615
authorPeter Marko <peter.marko@siemens.com>
Fri, 25 Apr 2025 16:28:25 +0000 (18:28 +0200)
committerSteve Sakoman <steve@sakoman.com>
Mon, 28 Apr 2025 16:05:58 +0000 (09:05 -0700)
commit60390a3a28242efba32360426b0a3be6af5fb54b
treea7afb1aacc305868b10254dadd8186e5cb86a4eftree | snapshot
parente1f3d02e80f6bdd942321d9f6718dcc36afe9df8commit | diff
libarchive: ignore CVE-2024-48615

Fix for this CVE [1] is patchong code introduced by [2] in v3.7.5.
So v3.6.2 is not affected yet and the CVE can be safely ignored.
Also Debian tracker [3] contains this statement.

[1] https://github.com/libarchive/libarchive/commit/565b5aea491671ae33df1ca63697c10d54c00165
[2] https://github.com/libarchive/libarchive/commit/2d8a5760c5ec553283a95a1aaca746f6eb472d0f
[3] https://security-tracker.debian.org/tracker/CVE-2024-48615

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/libarchive/libarchive_3.6.2.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib