- Fix CVE-2024-57970, heap-based buffer over-read in header_gnu_longlink

because it mishandles truncation (CVE-2024-57970, bsc#1237233)
  * CVE-2024-57970.patch

OBS-URL: https://build.opensuse.org/package/show/Archiving/libarchive?expand=0&rev=133
Antonio Teixeira 2025-02-26 14:16:30 +00:00 committed by Git OBS Bridge
parent bdb7f9b342
commit 875ebe6f8b
3 changed files with 5 additions and 5 deletions

@ -1,9 +1,9 @@
-------------------------------------------------------------------
Tue Feb 25 15:14:11 UTC 2025 - Antonio Teixeira <antonio.teixeira@suse.com>
- Fix CVE-2025-1632, heap-based buffer over-read in header_gnu_longlink
because it mishandles truncation (CVE-2025-1632, bsc#1237233)
* CVE-2025-1632.patch
- Fix CVE-2024-57970, heap-based buffer over-read in header_gnu_longlink
because it mishandles truncation (CVE-2024-57970, bsc#1237233)
* CVE-2024-57970.patch
-------------------------------------------------------------------
Thu Oct 17 08:41:56 UTC 2024 - Antonio Teixeira <antonio.teixeira@suse.com>
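Review bot: The entry dated Tue Feb 25 15:14:11 UTC 2025 is rewritten in place, so the changelog keeps no record that this fix was first listed as CVE-2025-1632 and then relabelled CVE-2024-57970 under the same bsc#1237233. If the earlier revision was already submitted or published, add a new entry saying the identifier was corrected rather than editing the old one. Since the description ("heap-based buffer over-read in header_gnu_longlink because it mishandles truncation") is unchanged, also confirm that bsc#1237233 tracks CVE-2024-57970 and that the description belongs to that identifier.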

@ -41,8 +41,8 @@ Source1: https://github.com/libarchive/libarchive/releases/download/v%{ve
Source2: libarchive.keyring
Source1000: baselibs.conf
Patch1: lib-suffix.patch
# PATCH-FIX-UPSTREAM CVE-2025-1632.patch bsc#1237233 antonio.teixeira@suse.com
Patch2: CVE-2025-1632.patch
# PATCH-FIX-UPSTREAM CVE-2024-57970.patch bsc#1237233 antonio.teixeira@suse.com
Patch2: CVE-2024-57970.patch
BuildRequires: cmake
BuildRequires: libacl-devel
BuildRequires: libbz2-devel
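Review bot: The "# PATCH-FIX-UPSTREAM CVE-2024-57970.patch bsc#1237233 antonio.teixeira@suse.com" comment above Patch2 names the bug but not the upstream commit or pull request the patch was taken from. Add that reference to the comment so the patch content can be checked against upstream and the patch dropped on the next version update. Because only the file name changes here, also confirm that the renamed patch file is the third changed file and that no stale CVE-2025-1632.patch is left in the package sources.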