libarchive: ignore CVE-2025-1632 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Peter Marko <peter.marko@siemens.com>	2025-03-28 18:37:16 +0100
committer	Steve Sakoman <steve@sakoman.com>	2025-04-04 08:42:47 -0700
commit	717a181fd2f068268d8252c04177fa2e2eae1e64 (patch)
tree	9813367c882f2c627c0dced0caa1c0c30e656715 /scripts/lib/scriptutils.py
parent	68c9f9f44982e8caabc82c25292cbdf93877aef6 (diff)
download	poky-717a181fd2f068268d8252c04177fa2e2eae1e64.tar.gz

libarchive: ignore CVE-2025-1632

As already mentioned in [1] when backporting commit including fix for this CVE, this vulnerability applies only from libarchive 3.7.0 commit [2] which introduced bsdunzip which contains this vulnerability. [1] https://git.openembedded.org/openembedded-core/commit/?h=kirkstone&id=ec837d3b21b4f8b98abac53e2833f1490ba6bf1e [2] https://github.com/libarchive/libarchive/commit/c157e4ce8eb170a92945cc2d292fd7106bdfcce1 (From OE-Core rev: bf7654877ba99f0b18a1cf6f83032af5ecabd01f) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/scriptutils.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: