mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-04 23:02:22 +02:00
Code Issues Packages Projects Releases Wiki Activity

libarchive: ignore CVE-2025-1632

Browse Source 
As already mentioned in [1] when backporting commit including fix for
this CVE, this vulnerability applies only from libarchive 3.7.0 commit
[2] which introduced bsdunzip which contains this vulnerability.

[1] https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=ec837d3b21b4f8b98abac53e2833f1490ba6bf1e
[2] c157e4ce8e

(From OE-Core rev: bf7654877ba99f0b18a1cf6f83032af5ecabd01f)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-03-28 18:37:16 +01:00
committed by Steve Sakoman
parent 68c9f9f449
commit 717a181fd2
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-extended/libarchive/libarchive_3.6.2.bb
View File

@@ -44,6 +44,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f
CVE_CHECK_IGNORE += "CVE-2023-30571"
# cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948
CVE_CHECK_IGNORE += "CVE-2024-37407"
# cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet
CVE_CHECK_IGNORE += "CVE-2025-1632"
inherit autotools update-alternatives pkgconfig