diff mbox series

[kirkstone,05/14] libarchive: ignore CVE-2024-48615

Message ID 60390a3a28242efba32360426b0a3be6af5fb54b.1745981510.git.steve@sakoman.com
State Accepted, archived
Commit 60390a3a28242efba32360426b0a3be6af5fb54b
Delegated to: Steve Sakoman
Headers show
Series [kirkstone,01/14] sqlite3: patch CVE-2025-29088 | expand

Commit Message

Steve Sakoman April 30, 2025, 2:53 a.m. UTC
From: Peter Marko <peter.marko@siemens.com>

Fix for this CVE [1] is patchong code introduced by [2] in v3.7.5.
So v3.6.2 is not affected yet and the CVE can be safely ignored.
Also Debian tracker [3] contains this statement.

[1] https://github.com/libarchive/libarchive/commit/565b5aea491671ae33df1ca63697c10d54c00165
[2] https://github.com/libarchive/libarchive/commit/2d8a5760c5ec553283a95a1aaca746f6eb472d0f
[3] https://security-tracker.debian.org/tracker/CVE-2024-48615

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-extended/libarchive/libarchive_3.6.2.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
index f7e576b688..87d3794ab7 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.6.2.bb
@@ -46,6 +46,8 @@  CVE_CHECK_IGNORE += "CVE-2023-30571"
 CVE_CHECK_IGNORE += "CVE-2024-37407"
 # cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet
 CVE_CHECK_IGNORE += "CVE-2025-1632"
+# cpe-incorrect: vulnerable code introduced in v3.7.5, so 3.6.2 is not affected yet
+CVE_CHECK_IGNORE += "CVE-2024-48615"
 
 inherit autotools update-alternatives pkgconfig