]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commitdiff
projects / thirdparty / openembedded / openembedded-core.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 36bdd32)
libarchive: set status of CVE-2026-5745
authorPeter Marko <peter.marko@siemens.com>
Mon, 4 May 2026 19:52:46 +0000 (21:52 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 7 May 2026 09:50:06 +0000 (10:50 +0100)
Debian security tracker [1] links Github issue [2] which points to PR
[3] which has been fixed on 3.8 branch with [4].

[1] https://security-tracker.debian.org/tracker/CVE-2026-5745
[2] https://github.com/libarchive/libarchive/issues/2904#issuecomment-4257068822
[3] https://github.com/libarchive/libarchive/pull/2905/changes
[4] https://github.com/libarchive/libarchive/commit/8c04ac3c91841cdf75dc9de4a405cd7c69

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/libarchive/libarchive_3.8.7.bb patch | blob | blame | history

diff --git a/meta/recipes-extended/libarchive/libarchive_3.8.7.bb b/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
index 577362ef8b09fc780706f0452f8bac8dbd018c4d..e8c3a3bfe3dc02707b8b572fc8bab869079e0c68 100644 (file)
--- a/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
@@ -91,3 +91,4 @@ RDEPENDS:${PN}-ptest += "bsdtar bsdcpio"
 
 CVE_STATUS[CVE-2026-4426] = "fixed-version: fixed since 3.8.7"
 CVE_STATUS[CVE-2026-5121] = "fixed-version: fixed since 3.8.7"
+CVE_STATUS[CVE-2026-5745] = "fixed-version: fixed since 3.8.6"
Mirror of git://git.openembedded.org/openembedded-core