mirror of
https://git.yoctoproject.org/poky
synced 2026-04-29 00:32:14 +02:00
37be814fb2
A vulnerability has been identified in the libarchive library. This flaw can be triggered whe n file streams are piped into bsdtar, potentially allowing for reading past the end of the fi le. This out-of-bounds read can lead to unintended consequences, including unpredictable prog ram behavior, memory corruption, or a denial-of-service condition. CVE-2025-5918-0001 is the dependent commit and CVE-2025-5918-0002 is the actual CVE fix. Reference: https://security-tracker.debian.org/tracker/CVE-2025-5918 Upstream-patches:89b8c35ff4dcbf1e0ede(From OE-Core rev: 369c164a163b2c7f15ee5fc41130be9feaf7245e) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>