mirror of
https://git.yoctoproject.org/poky
synced 2026-05-07 16:59:22 +00:00
libarchive: ignore CVE-2024-48615
Fix for this CVE [1] is patchong code introduced by [2] in v3.7.5. So v3.6.2 is not affected yet and the CVE can be safely ignored. Also Debian tracker [3] contains this statement. [1] https://github.com/libarchive/libarchive/commit/565b5aea491671ae33df1ca63697c10d54c00165 [2] https://github.com/libarchive/libarchive/commit/2d8a5760c5ec553283a95a1aaca746f6eb472d0f [3] https://security-tracker.debian.org/tracker/CVE-2024-48615 (From OE-Core rev: 60390a3a28242efba32360426b0a3be6af5fb54b) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
committed by
Steve Sakoman
Steve Sakoman
parent
f6bbf5dc3a
commit
68f82bca13
@@ -46,6 +46,8 @@ CVE_CHECK_IGNORE += "CVE-2023-30571"
|
||||
CVE_CHECK_IGNORE += "CVE-2024-37407"
|
||||
# cpe-incorrect: bsdtar was introduced in v3.7.0, so 3.6.2 is not affected yet
|
||||
CVE_CHECK_IGNORE += "CVE-2025-1632"
|
||||
# cpe-incorrect: vulnerable code introduced in v3.7.5, so 3.6.2 is not affected yet
|
||||
CVE_CHECK_IGNORE += "CVE-2024-48615"
|
||||
|
||||
inherit autotools update-alternatives pkgconfig
|
||||
|
||||
|
||||
Reference in New Issue
Block a user