[Git][security-tracker-team/security-tracker][master] Update status for CVE-2025-25724/libarchive

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Jan 8 15:16:12 GMT 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f19c24ab by Salvatore Bonaccorso at 2026-01-08T16:15:35+01:00
Update status for CVE-2025-25724/libarchive

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -106853,12 +106853,14 @@ CVE-2025-25726
 CVE-2025-25725
 	REJECTED
 CVE-2025-25724 (list_item_verbose in tar/util.c in libarchive through 3.7.7 does not c ...)
-	- libarchive <unfixed> (unimportant; bug #1103479)
+	- libarchive 3.8.4-1 (unimportant; bug #1103479)
 	NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
 	NOTE: https://github.com/libarchive/libarchive/issues/2529
 	NOTE: Initial fix (incomplete): https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532 (master)
 	NOTE: Initial fix (incomplete): https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a (v3.7.8)
 	NOTE: Proper fix proposal: https://github.com/libarchive/libarchive/issues/2710
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/6bd863f61281aecf2e78737b08838d4a27cf1fcb
+	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/044dd7366824535679c597c67011500db6fae43f (v3.8.2)
 	NOTE: Crash in CLI tool, no security impact
 CVE-2025-1810 (A vulnerability was found in Pixsoft Vivaz 6.0.11. It has been classif ...)
 	NOT-FOR-US: Pixsoft Vivaz



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f19c24ab0b64784e6d957595b0960900546ef18f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f19c24ab0b64784e6d957595b0960900546ef18f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260108/3c8531c8/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list