CaROS/poky
3
1
Fork 0
mirror of https://git.yoctoproject.org/git/poky synced 2026-01-04 16:10:04 +00:00
Code Issues Packages Projects Releases Wiki Activity
37be814fb2
poky/meta
History
Divya Chellam 37be814fb2 libarchive: fix CVE-2025-5918 
A vulnerability has been identified in the libarchive library. This flaw can be triggered whe
n file streams are piped into bsdtar, potentially allowing for reading past the end of the fi
le. This out-of-bounds read can lead to unintended consequences, including unpredictable prog
ram behavior, memory corruption, or a denial-of-service condition.

CVE-2025-5918-0001 is the dependent commit and CVE-2025-5918-0002 is the actual CVE fix.

Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5918

Upstream-patches:
89b8c35ff4
dcbf1e0ede

(From OE-Core rev: 369c164a163b2c7f15ee5fc41130be9feaf7245e)

Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-09 08:43:32 -07:00
..
classes spdx: add option to include only compiled sources 2025-07-07 07:42:58 -07:00
classes-global sanity.bbclass: skip check_userns for non-local uid 2025-01-09 06:25:36 -08:00
classes-recipe uboot: Allow for customizing installed/deployed file names 2025-07-07 07:42:58 -07:00
conf package: export debugsources in PKGDESTWORK as json 2025-07-07 07:42:58 -07:00
files meta: Enable '-o pipefail' for the SDK installer 2025-03-05 06:03:47 -08:00
lib spdx: add option to include only compiled sources 2025-07-07 07:42:58 -07:00
recipes-bsp uboot: Allow for customizing installed/deployed file names 2025-07-07 07:42:58 -07:00
recipes-connectivity kea: upgrade 2.4.1 -> 2.4.2 2025-06-13 08:58:01 -07:00
recipes-core busybox: fix CVE-2022-48174 2025-07-07 07:42:58 -07:00
recipes-devtools tcf-agent: correct the SRC_URI 2025-07-07 07:42:58 -07:00
recipes-extended libarchive: fix CVE-2025-5918 2025-07-09 08:43:32 -07:00
recipes-gnome gtk+: add missing libdrm dependency 2025-06-13 08:58:01 -07:00
recipes-graphics freetype: follow-up patch for CVE-2025-27363 2025-04-07 06:34:44 -07:00
recipes-kernel linux-yocto/6.6: update to v6.6.92 2025-06-05 08:41:15 -07:00
recipes-multimedia libpng: Add ptest 2025-06-20 08:38:12 -07:00
recipes-rt rt-tests: rt_bmark.py: fix TypeError 2024-08-06 19:11:18 -07:00
recipes-sato puzzles: ignore three new CVEs for a different puzzles 2025-03-15 06:40:07 -07:00
recipes-support gnupg: update 2.4.5 -> 2.4.8 2025-07-07 07:42:58 -07:00
site
COPYING.MIT
recipes.txt