From 34a8843a82c4c4fefeb4e5b34fbd4a3da8af27fd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Fri, 13 Sep 2024 11:38:04 +0200 Subject: [PATCH] Adding patchinfo patchinfo.20240909081141030713.269002615871826 --- .gitmodules | 2 +- libarchive | 2 +- .../_patchinfo | 18 ++++++++++++++++++ 3 files changed, 20 insertions(+), 2 deletions(-) create mode 100644 patchinfo.20240909081141030713.269002615871826/_patchinfo diff --git a/.gitmodules b/.gitmodules index a649e0c..040809d 100644 --- a/.gitmodules +++ b/.gitmodules @@ -1158,7 +1158,7 @@ url = ../../pool/libalternatives [submodule "libarchive"] path = libarchive - url = ../../pool/libarchive + url = ../../ALP-pool/libarchive [submodule "libass"] path = libass url = ../../pool/libass diff --git a/libarchive b/libarchive index 431c5ee..ea570bb 160000 --- a/libarchive +++ b/libarchive @@ -1 +1 @@ -Subproject commit 431c5ee2fde8979d18b641adab87f08fa6d8546f +Subproject commit ea570bba36169244520e08ac213c8b85b8779eb2 diff --git a/patchinfo.20240909081141030713.269002615871826/_patchinfo b/patchinfo.20240909081141030713.269002615871826/_patchinfo new file mode 100644 index 0000000..bff9a1a --- /dev/null +++ b/patchinfo.20240909081141030713.269002615871826/_patchinfo @@ -0,0 +1,18 @@ + + + VUL-0: CVE-2024-20696: libarchive: heap based out-of-bounds write + VUL-0: CVE-2024-20697: libarchive: Out of bounds Remote Code Execution Vulnerability + + + ateixeira + important + security + Security update for libarchive + This update for libarchive fixes the following issues: + +- CVE-2024-20696: Fixed out-of-bounds access in in copy_from_lzss_window_to_unp() (bsc#1225971) +- CVE-2024-20697: Fixed heap based buffer overflow in rar e8 filter (bsc#1225972) + + libarchive + +