libarchive: fix CVE-2025-5915 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Divya Chellam <divya.chellam@windriver.com>	2025-07-08 15:08:16 +0530
committer	Steve Sakoman <steve@sakoman.com>	2025-07-14 08:37:40 -0700
commit	6cc6cd3f8d2a981280ec5f90da699411c4a1a6c7 (patch)
tree	9346e506dbc456d67590cf47604cf784a8a157fa /meta/recipes-devtools/python/python3/cgi_py.patch
parent	022d6ec767487a52fc479e25ebad11012df01474 (diff)
download	poky-6cc6cd3f8d2a981280ec5f90da699411c4a1a6c7.tar.gz

libarchive: fix CVE-2025-5915

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap b uffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer -Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memo ry buffer, which can result in unpredictable program behavior, crashes (denial of service), o r the disclosure of sensitive information from adjacent memory regions. Reference: https://security-tracker.debian.org/tracker/CVE-2025-5915 Upstream-patches: https://github.com/libarchive/libarchive/commit/a612bf62f86a6faa47bd57c52b94849f0a404d8c (From OE-Core rev: 41e7be4aa28481530d5e259d0f25b238b86c012d) Signed-off-by: Divya Chellam <divya.chellam@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta/recipes-devtools/python/python3/cgi_py.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: