mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-14 05:49:57 +00:00
6553182380
Upstream Repository: https://sourceforge.net/projects/p7zip/

Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2022-47069
Type: Security Fix
CVE: CVE-2022-47069
Score: 7.8

Note:
- Commit [1] updates complete p7zip archive source for v17 and includes changes that fix CVE-2022-47609, adapted fix related changes in current p7zip v16.02.
- Similar changes via [2] have been integrated into the upstream 7zip package, which replaced p7zip 16.02 in OE-Core master.

For the testing:
- Verified fix using steps mentioned at [3], trace not observed.
- Validated against known malicious ZIP samples [3]

References:
[1] https://github.com/p7zip-project/p7zip/commit/d7a903ff13c2
[2] https://github.com/ip7z/7zip/commit/f19f813537c7
[3] https://sourceforge.net/p/p7zip/bugs/241/
[4] https://bugzilla.suse.com/show_bug.cgi?id=CVE-2022-47069

Signed-off-by: Vrushti Dabhi <vdabhi@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>