- Fix CVE-2024-57970, heap-based buffer over-read in header_gnu_longlink

because it mishandles truncation (CVE-2024-57970, bsc#1237233) * CVE-2024-57970.patch OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=133
2025-02-26 14:16:30 +00:00 · 2025-02-26 14:16:30 +00:00 · 875ebe6f8b
commit 875ebe6f8b
parent bdb7f9b342
3 changed files with 5 additions and 5 deletions
--- a/CVE-2024-57970.patch
+++ b/CVE-2024-57970.patch
--- a/libarchive.changes
+++ b/libarchive.changes
@ -1,9 +1,9 @@
 -------------------------------------------------------------------
 Tue Feb 25 15:14:11 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix CVE-2025-1632, heap-based buffer over-read in header_gnu_longlink
+- Fix CVE-2024-57970, heap-based buffer over-read in header_gnu_longlink
-  because it mishandles truncation (CVE-2025-1632, bsc#1237233)
+  because it mishandles truncation (CVE-2024-57970, bsc#1237233)
-  * CVE-2025-1632.patch
+  * CVE-2024-57970.patch
 -------------------------------------------------------------------
 Thu Oct 17 08:41:56 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
--- a/libarchive.spec
+++ b/libarchive.spec
@ -41,8 +41,8 @@ Source1:        https://github.com/libarchive/libarchive/releases/download/v%{ve
 Source2:        libarchive.keyring
 Source1000:     baselibs.conf
 Patch1:         lib-suffix.patch
-# PATCH-FIX-UPSTREAM CVE-2025-1632.patch bsc#1237233 antonio.teixeira@suse.com
+# PATCH-FIX-UPSTREAM CVE-2024-57970.patch bsc#1237233 antonio.teixeira@suse.com
-Patch2:         CVE-2025-1632.patch
+Patch2:         CVE-2024-57970.patch
 BuildRequires:  cmake
 BuildRequires:  libacl-devel
 BuildRequires:  libbz2-devel