Message ID | 20240718164219.1007660-1-peter.marko@siemens.com |
---|---|
State | Accepted |
Delegated to: | Steve Sakoman |
Series | [kirkstone] libarchive: ignore CVE-2024-37407 |

On Thu, Jul 18, 2024 at 6:43 PM Peter Marko via lists.openembedded.org <peter.marko=siemens.com@lists.openembedded.org> wrote:

> From: Peter Marko <peter.marko@siemens.com>
>
> History of code changes:
> * introduced:
> https://github.com/ilibarchive/libarchive/commit/390d83012fdba8c8db7fc9915338805882b0597a
> (v3.7.2-52-g390d8301)
> * reverted: 6
> https://github.com/libarchive/libarchive/commit/2c8caf6611a7d0662d80176c4fdb40f85794699
> (v3.7.2-53-g62c8caf6)
> * re-introduced: 9
> https://github.com/libarchive/libarchive/commit/1f27004a5c88589658e38d68e46d223da6b75ca
> (v3.7.3-14-g91f27004)
> * fixed: bhttps://
> github.com/libarchive/libarchive/commit/6a979481b7d77c12fa17bbed94576b63bbcb0c0
> (v3.7.3-24-gb6a97948)
>

For further reference, the commits in the message are malformed. Likely should be:

* introduced: https://github.com/ilibarchive/libarchive/commit/390d83012fdba8c8db7fc9915338805882b0597a (v3.7.2-52-g390d8301)
* reverted: https://github.com/libarchive/libarchive/commit/62c8caf6611a7d0662d80176c4fdb40f85794699 <https://github.com/libarchive/libarchive/commit/2c8caf6611a7d0662d80176c4fdb40f85794699> (v3.7.2-53-g62c8caf6)
* re-introduced: https://github.com/libarchive/libarchive/commit/91f27004a5c88589658e38d68e46d223da6b75ca <https://github.com/libarchive/libarchive/commit/1f27004a5c88589658e38d68e46d223da6b75ca> (v3.7.3-14-g91f27004)
* fixed: https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0 <http://github.com/libarchive/libarchive/commit/6a979481b7d77c12fa17bbed94576b63bbcb0c0> (v3.7.3-24-gb6a97948)

Kind regards,
Marta

diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb index c83eec9b1a..a7a3e47412 100644 --- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb +++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb @@ -38,6 +38,8 @@ SRC_URI[sha256sum] = "ba6d02f15ba04aba9c23fd5f236bb234eab9d5209e95d1c4df85c44d5f # upstream-wontfix: upstream has documented that reported function is not thread-safe CVE_CHECK_IGNORE += "CVE-2023-30571" +# cpe-incorrect: this vulnerability was not in any release; introduced in v3.7.3-14-g91f27004; fixed in b6a97948 +CVE_CHECK_IGNORE += "CVE-2024-37407" inherit autotools update-alternatives pkgconfig
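
Review bot: the added "# cpe-incorrect" comment above CVE_CHECK_IGNORE += "CVE-2024-37407" cites the introducing commit as a git-describe string (v3.7.3-14-g91f27004) but the fix as a bare abbreviated hash (b6a97948). Use the same form for both, for example "fixed in v3.7.3-24-gb6a97948" as given in the commit message, so the comment alone shows that both commits sit after the same release tag. Because this recipe is libarchive_3.6.2.bb, the comment could also state that 3.6.2 predates the introducing commit, which is the reason the ignore holds for this branch and is easier to re-check on a later version bump than "was not in any release".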