mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-29 15:52:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
3c2bbf4a1cbcc0a7f9b2fbb6e141f80b11c67917
poky/meta
History
Divya Chellam 3c2bbf4a1c libarchive: fix CVE-2025-5917 
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-
one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-
byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, lea
ding to unpredictable program behavior, crashes, or in specific circumstances, could be lever
aged as a building block for more sophisticated exploitation.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5917

Upstream-patch:
7c02cde37a

(From OE-Core rev: 2b6832b05bab414df1da7c74a0c6a5e5a9d75b29)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-09 08:43:32 -07:00
..
classes
spdx: add option to include only compiled sources
2025-07-07 07:42:58 -07:00
classes-global
sanity.bbclass: skip check_userns for non-local uid
2025-01-09 06:25:36 -08:00
classes-recipe
uboot: Allow for customizing installed/deployed file names
2025-07-07 07:42:58 -07:00
conf
package: export debugsources in PKGDESTWORK as json
2025-07-07 07:42:58 -07:00
files
meta: Enable '-o pipefail' for the SDK installer
2025-03-05 06:03:47 -08:00
lib
spdx: add option to include only compiled sources
2025-07-07 07:42:58 -07:00
recipes-bsp
uboot: Allow for customizing installed/deployed file names
2025-07-07 07:42:58 -07:00
recipes-connectivity
kea: upgrade 2.4.1 -> 2.4.2
2025-06-13 08:58:01 -07:00
recipes-core
busybox: fix CVE-2022-48174
2025-07-07 07:42:58 -07:00
recipes-devtools
tcf-agent: correct the SRC_URI
2025-07-07 07:42:58 -07:00
recipes-extended
libarchive: fix CVE-2025-5917
2025-07-09 08:43:32 -07:00
recipes-gnome
gtk+: add missing libdrm dependency
2025-06-13 08:58:01 -07:00
recipes-graphics
freetype: follow-up patch for CVE-2025-27363
2025-04-07 06:34:44 -07:00
recipes-kernel
linux-yocto/6.6: update to v6.6.92
2025-06-05 08:41:15 -07:00
recipes-multimedia
libpng: Add ptest
2025-06-20 08:38:12 -07:00
recipes-rt
rt-tests: rt_bmark.py: fix TypeError
2024-08-06 19:11:18 -07:00
recipes-sato
puzzles: ignore three new CVEs for a different puzzles
2025-03-15 06:40:07 -07:00
recipes-support
gnupg: update 2.4.5 -> 2.4.8
2025-07-07 07:42:58 -07:00
site
site: remove at-spi2-core values
2023-09-02 07:45:29 +01:00
COPYING.MIT
recipes.txt
Remove LSB support
2019-08-29 14:05:12 +01:00