git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
libarchive: upgrade 3.8.6 -> 3.8.7
author Peter Marko <peter.marko@siemens.com>
Wed, 15 Apr 2026 17:37:12 +0000 (19:37 +0200)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Thu, 16 Apr 2026 10:09:38 +0000 (11:09 +0100)
commit 9ccf2a0a3f774887c8338d900b05fe3efa67490f
tree fa4b11b0799d4052f0b206edb89fd2b4e569336d
parent 401624dc0277fa990e7ffe2cd947d8d0de84e9da
libarchive: upgrade 3.8.6 -> 3.8.7

Solves CVE-2026-5121 (points to [2] per [3]).
Since it's a Red Hat version-less CVE, add explicit CVE_STATUS.

Release information [1]:

Libarchive 3.8.6 is a security and bugfix release.

Notable fixes:

* CAB: fix NULL pointer dereference during skip (#2900)
* CAB: Fix Heap OOB Write in CAB LZX decoder (#2919)
* cpio: various fixes and improvements (#2899, #2908, #2910, #2939)
* contrib/untar: fix out-of-bounds read (#2903)
* iso9660: fix undefined behavior (#2897)
* iso9660: fix possible heap buffer overflow on 32-bit systems (#2934)
* libarchive: fix handling of option failures (#2871)
* libarchive: do not continue with truncated numbers (#2911)
* libarchive: lzop and grzip filter support (#2947)
* RAR: fix LZSS window size mismatch after PPMd block (#2898)

[1] https://github.com/libarchive/libarchive/releases/tag/v3.8.7
[2] https://github.com/libarchive/libarchive/pull/2934
[3] https://security-tracker.debian.org/tracker/CVE-2026-5121

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/libarchive/libarchive_3.8.7.bb [moved from meta/recipes-extended/libarchive/libarchive_3.8.6.bb with 95% similarity]