[Git][security-tracker-team/security-tracker][master] new libarchive issue

[Moritz Muehlenhoff (@jmm)]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6dbc3711 by Moritz Muehlenhoff at 2025-02-16T15:46:45+01:00
new libarchive issue

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -5,7 +5,10 @@ CVE-2025-1332 (A vulnerability has been found in FastCMS up to 0.1.5 and classif
 CVE-2024-57971 (DataSourceResource.java in the SpagoBI API support in Knowage Server i ...)
 	NOT-FOR-US: Knowage Server in KNOWAGE
 CVE-2024-57970 (libarchive through 3.7.7 has a heap-based buffer over-read in header_g ...)
-	TODO: check
+	- libarchive <unfixed>
+	NOTE: https://github.com/libarchive/libarchive/commit/82912103214506316bd9990d73f33d743d55f570
+	NOTE: https://github.com/libarchive/libarchive/pull/2422
+	NOTE: https://github.com/libarchive/libarchive/issues/2415
 CVE-2025-26793 (The Web GUI configuration panel of Hirsch (formerly Identiv and Viscou ...)
 	NOT-FOR-US: Hirsch Enterphone MESH
 CVE-2025-22209 (A SQL injection vulnerability in the JS Jobs plugin versions 1.1.5-1.4 ...)


=====================================
data/dsa-needed.txt
=====================================
@@ -27,6 +27,8 @@ jetty9
 --
 jpeg-xl
 --
+libarchive
+--
 libreswan
   Waiting on feedback from maintainer
 --



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dbc3711f63e97f7bc7c629857ab531579fd69e5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6dbc3711f63e97f7bc7c629857ab531579fd69e5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250216/5fb4c252/attachment-0001.htm>