poky/libarchive at scarthgap-5.0.11 - poky

mirror of git://git.yoctoproject.org/poky.git synced 2025-08-22 00:42:05 +02:00

History

Divya Chellam 37be814fb2 libarchive: fix CVE-2025-5918 A vulnerability has been identified in the libarchive library. This flaw can be triggered whe n file streams are piped into bsdtar, potentially allowing for reading past the end of the fi le. This out-of-bounds read can lead to unintended consequences, including unpredictable prog ram behavior, memory corruption, or a denial-of-service condition. CVE-2025-5918-0001 is the dependent commit and CVE-2025-5918-0002 is the actual CVE fix. Reference: https://security-tracker.debian.org/tracker/CVE-2025-5918 Upstream-patches: `89b8c35ff4` `dcbf1e0ede` (From OE-Core rev: 369c164a163b2c7f15ee5fc41130be9feaf7245e) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-07-09 08:43:32 -07:00
..
libarchive	libarchive: fix CVE-2025-5918	2025-07-09 08:43:32 -07:00
libarchive_3.7.9.bb	libarchive: fix CVE-2025-5918	2025-07-09 08:43:32 -07:00

Divya Chellam 37be814fb2 libarchive: fix CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered whe
n file streams are piped into bsdtar, potentially allowing for reading past the end of the fi
le. This out-of-bounds read can lead to unintended consequences, including unpredictable prog
ram behavior, memory corruption, or a denial-of-service condition.

CVE-2025-5918-0001 is the dependent commit and CVE-2025-5918-0002 is the actual CVE fix.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5918

Upstream-patches:
89b8c35ff4
dcbf1e0ede

(From OE-Core rev: 369c164a163b2c7f15ee5fc41130be9feaf7245e)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-07-09 08:43:32 -07:00

libarchive libarchive: fix CVE-2025-5918 2025-07-09 08:43:32 -07:00

libarchive_3.7.9.bb libarchive: fix CVE-2025-5918 2025-07-09 08:43:32 -07:00