[Git][security-tracker-team/security-tracker][master] Update references for libarchive issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7cf7b4f8 by Salvatore Bonaccorso at 2025-04-23T08:52:28+02:00
Update references for libarchive issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17208,7 +17208,8 @@ CVE-2025-25724 (list_item_verbose in tar/util.c in libarchive through 3.7.7 does
 	- libarchive <unfixed> (unimportant; bug #1103479)
 	NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
 	NOTE: https://github.com/libarchive/libarchive/issues/2529
-	NOTE: https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532
+	NOTE: https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532 (master)
+	NOTE: https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a (v3.7.8)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-1810 (A vulnerability was found in Pixsoft Vivaz 6.0.11. It has been classif ...)
 	NOT-FOR-US: Pixsoft Vivaz
@@ -22057,7 +22058,8 @@ CVE-2025-22495 (An improper input validation vulnerability was discovered in the
 CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has been class ...)
 	- libarchive <unfixed> (unimportant; bug #1103494)
 	NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
-	NOTE: https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532
+	NOTE: https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532 (master)
+	NOTE: https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a (v3.7.8)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-1488 (The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulner ...)
 	NOT-FOR-US: WordPress plugin
@@ -23659,7 +23661,8 @@ CVE-2024-57970 (libarchive through 3.7.7 has a heap-based buffer over-read in he
 	NOTE: https://github.com/libarchive/libarchive/pull/2422
 	NOTE: https://github.com/libarchive/libarchive/issues/2415
 	NOTE: Introduced by: https://github.com/libarchive/libarchive/commit/2d8a5760c5ec553283a95a1aaca746f6eb472d0f (v3.7.5)
-	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/82912103214506316bd9990d73f33d743d55f570
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/82912103214506316bd9990d73f33d743d55f570 (master)
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e0362b7f1a51b6c59ea06257a8f41e6ae3c7000f (v3.7.8)
 CVE-2025-26793 (The Web GUI configuration panel of Hirsch (formerly Identiv and Viscou ...)
 	NOT-FOR-US: Hirsch Enterphone MESH
 CVE-2025-22209 (A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4 ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7b4f8fc0114e02e168c9d62bf9a0ca014f24e

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7b4f8fc0114e02e168c9d62bf9a0ca014f24e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250423/8fdbe1fa/attachment.htm>