[Git][security-tracker-team/security-tracker][master] Revert annoation for two libarchive issues and reference fix for CVE-2026-4426

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Apr 25 14:16:48 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
54ea03a2 by Salvatore Bonaccorso at 2026-04-25T15:15:40+02:00
Revert annoation for two libarchive issues and reference fix for CVE-2026-4426

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -14369,7 +14369,6 @@ CVE-2026-5121 (A flaw was found in libarchive. On 32-bit systems, an integer ove
 	[bookworm] - libarchive <no-dsa> (Minor issue)
 	NOTE: https://github.com/libarchive/libarchive/pull/2934
 	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/a2a73a8f14b3208c7f6acbbc93265254a7c1efd0
-	NOTE: Same fix as for CVE-2026-4426
 CVE-2026-4425
 	REJECTED
 CVE-2026-4416 (The Performance Library component of Gigabyte Control Center has an In ...)
@@ -20963,8 +20962,7 @@ CVE-2026-4426 (A flaw was found in libarchive. An Undefined Behavior vulnerabili
 	[trixie] - libarchive <postponed> (Minor issue, revisit when fixed upstream)
 	[bookworm] - libarchive <postponed> (Minor issue, revisit when fixed upstream)
 	NOTE: https://github.com/libarchive/libarchive/pull/2897
-	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/a2a73a8f14b3208c7f6acbbc93265254a7c1efd0
-	NOTE: Same fix as for CVE-2026-5121
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/c3cb1c568ebf9e8f7f478cfc0356ae54e99712b0
 CVE-2026-4424 (A flaw was found in libarchive. This heap out-of-bounds read vulnerabi ...)
 	- libarchive 3.8.7-1 (bug #1131446)
 	[trixie] - libarchive <no-dsa> (Minor issue)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ea03a22c0e5e0d2352b6c699642a964d9dab9f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/54ea03a22c0e5e0d2352b6c699642a964d9dab9f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260425/1a6e4e1e/attachment.htm>

More information about the debian-security-tracker-commits mailing list