Adding patchinfo patchinfo.20240909081141030713.269002615871826

2024-09-13 11:38:04 +02:00 · 2024-09-13 11:38:04 +02:00 · 34a8843a82
commit 34a8843a82
parent 070dfcae84
3 changed files with 20 additions and 2 deletions
--- a/.gitmodules
+++ b/.gitmodules
@ -1158,7 +1158,7 @@
 	url = ../../pool/libalternatives
 [submodule "libarchive"]
 	path = libarchive
-	url = ../../pool/libarchive
+	url = ../../ALP-pool/libarchive
 [submodule "libass"]
 	path = libass
 	url = ../../pool/libass
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit 431c5ee2fde8979d18b641adab87f08fa6d8546f
+Subproject commit ea570bba36169244520e08ac213c8b85b8779eb2
--- a/patchinfo.20240909081141030713.269002615871826/_patchinfo
+++ b/patchinfo.20240909081141030713.269002615871826/_patchinfo
@ -0,0 +1,18 @@
+<patchinfo>
+  <!-- generated from request(s) 335514 -->
+  <issue tracker="bnc" id="1225971">VUL-0: CVE-2024-20696: libarchive: heap based out-of-bounds write</issue>
+  <issue tracker="bnc" id="1225972">VUL-0: CVE-2024-20697: libarchive: Out of bounds Remote Code Execution Vulnerability</issue>
+  <issue tracker="cve" id="2024-20696"/>
+  <issue tracker="cve" id="2024-20697"/>
+  <packager>ateixeira</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for libarchive</summary>
+  <description>This update for libarchive fixes the following issues:
+
+- CVE-2024-20696: Fixed out-of-bounds access in in copy_from_lzss_window_to_unp() (bsc#1225971)
+- CVE-2024-20697: Fixed heap based buffer overflow in rar e8 filter (bsc#1225972)
+</description>
+  <package>libarchive</package>
+  <seperate_build_arch/>
+</patchinfo>