| author | Divya Chellam <divya.chellam@windriver.com> | 2025-07-08 15:08:18 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-07-14 08:37:40 -0700 |
| commit | 85c0d7d0aa9429859888216dee6e6a98d86a8d6e (patch) | |
| tree | a7015f820964956fa5b5db6241b4108c30c997a4 /meta/recipes-devtools/python/python3/cgi_py.patch | |
| parent | 6b95583a823da8f676cab720d660b16bc29ff89e (diff) | |
| download | poky-85c0d7d0aa9429859888216dee6e6a98d86a8d6e.tar.gz | |
libarchive: fix CVE-2025-5917
A vulnerability has been identified in the libarchive library. This flaw involves an
'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can
lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt
adjacent memory, leading to unpredictable program behavior, crashes, or in specific
circumstances, could be leveraged as a building block for more sophisticated exploitation.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-5917
Upstream-patch:
https://github.com/libarchive/libarchive/commit/7c02cde37a63580cd1859183fbbd2cf04a89be85
(From OE-Core rev: 2b2a2fce345c9bfcad44cc8ef3419f43dd07b022)
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-devtools/python/python3/cgi_py.patch')
0 files changed, 0 insertions, 0 deletions
