]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 32c4b28) | patch
libarchive: ignore CVE-2025-1632
authorPeter Marko <peter.marko@siemens.com>
Fri, 28 Mar 2025 17:37:16 +0000 (18:37 +0100)
committerSteve Sakoman <steve@sakoman.com>
Mon, 31 Mar 2025 16:13:54 +0000 (09:13 -0700)
commitbf7654877ba99f0b18a1cf6f83032af5ecabd01f
treec0c4ad8a35699db7135c35ef20b7f610ba2f110btree
parent32c4b28fc06e39ab8ef86aebc5e1e1ae19934495commit | diff
libarchive: ignore CVE-2025-1632

As already mentioned in [1] when backporting commit including fix for
this CVE, this vulnerability applies only from libarchive 3.7.0 commit
[2] which introduced bsdunzip which contains this vulnerability.

[1] https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=ec837d3b21b4f8b98abac53e2833f1490ba6bf1e
[2] https://github.com/libarchive/libarchive/commit/c157e4ce8eb170a92945cc2d292fd7106bdfcce1

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/libarchive/libarchive_3.6.2.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib