MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 12:59:02 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

libarchive: ignore CVE-2024-48615

Browse Source 
Fix for this CVE [1] is patchong code introduced by [2] in v3.7.5.
So v3.6.2 is not affected yet and the CVE can be safely ignored.
Also Debian tracker [3] contains this statement.

[1] 565b5aea49
[2] 2d8a5760c5
[3] https://security-tracker.debian.org/tracker/CVE-2024-48615

(From OE-Core rev: 60390a3a28242efba32360426b0a3be6af5fb54b)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko 2025-04-25 18:28:25 +02:00 committed by Steve Sakoman
parent f6bbf5dc3a
commit 68f82bca13
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-extended/libarchive/libarchive_3.6.2.bb
View File

@ -46,6 +46,8 @@ CVE_CHECK_IGNORE += "CVE-2023-30571"
CVE_CHECK_IGNORE += "CVE-2024-37407"
# cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet
CVE_CHECK_IGNORE += "CVE-2025-1632"
# cpe-incorrect: vulnerable code introduced in v3.7.5, so 3.6.2 is not affected yet
CVE_CHECK_IGNORE += "CVE-2024-48615"
inherit autotools update-alternatives pkgconfig