From: Peter Marko <peter.marko@siemens.com>
Date: Mon, 4 May 2026 19:52:46 +0000 (+0200)
Subject: libarchive: set status of CVE-2026-5745
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a3f38d68bd58f2028f8097d2cb11486d8a8f75ad;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

libarchive: set status of CVE-2026-5745

Debian security tracker [1] links Github issue [2] which points to PR
[3] which has been fixed on 3.8 branch with [4].

[1] https://security-tracker.debian.org/tracker/CVE-2026-5745
[2] https://github.com/libarchive/libarchive/issues/2904#issuecomment-4257068822
[3] https://github.com/libarchive/libarchive/pull/2905/changes
[4] https://github.com/libarchive/libarchive/commit/8c04ac3c91841cdf75dc9de4a405cd7c69

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-extended/libarchive/libarchive_3.8.7.bb b/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
index 577362ef8b..e8c3a3bfe3 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
@@ -91,3 +91,4 @@ RDEPENDS:${PN}-ptest += "bsdtar bsdcpio"
 
 CVE_STATUS[CVE-2026-4426] = "fixed-version: fixed since 3.8.7"
 CVE_STATUS[CVE-2026-5121] = "fixed-version: fixed since 3.8.7"
+CVE_STATUS[CVE-2026-5745] = "fixed-version: fixed since 3.8.6"