Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
7cf7b4f8 by Salvatore Bonaccorso at 2025-04-23T08:52:28+02:00
Update references for libarchive issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -17208,7 +17208,8 @@ CVE-2025-25724 (list_item_verbose in tar/util.c in
libarchive through 3.7.7 does
- libarchive <unfixed> (unimportant; bug #1103479)
NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdtarbug
NOTE: https://github.com/libarchive/libarchive/issues/2529
- NOTE:
https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532
+ NOTE:
https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532
(master)
+ NOTE:
https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a
(v3.7.8)
NOTE: Crash in CLI tool, no security impact
CVE-2025-1810 (A vulnerability was found in Pixsoft Vivaz 6.0.11. It has been
classif ...)
NOT-FOR-US: Pixsoft Vivaz
@@ -22057,7 +22058,8 @@ CVE-2025-22495 (An improper input validation
vulnerability was discovered in the
CVE-2025-1632 (A vulnerability was found in libarchive up to 3.7.7. It has
been class ...)
- libarchive <unfixed> (unimportant; bug #1103494)
NOTE: https://github.com/Ekkosun/pocs/blob/main/bsdunzip-poc
- NOTE:
https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532
+ NOTE:
https://github.com/libarchive/libarchive/commit/c9bc934e7e91d302e0feca6e713ccc38d6d01532
(master)
+ NOTE:
https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a
(v3.7.8)
NOTE: Crash in CLI tool, no security impact
CVE-2025-1488 (The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is
vulner ...)
NOT-FOR-US: WordPress plugin
@@ -23659,7 +23661,8 @@ CVE-2024-57970 (libarchive through 3.7.7 has a
heap-based buffer over-read in he
NOTE: https://github.com/libarchive/libarchive/pull/2422
NOTE: https://github.com/libarchive/libarchive/issues/2415
NOTE: Introduced by:
https://github.com/libarchive/libarchive/commit/2d8a5760c5ec553283a95a1aaca746f6eb472d0f
(v3.7.5)
- NOTE: Fixed by:
https://github.com/libarchive/libarchive/commit/82912103214506316bd9990d73f33d743d55f570
+ NOTE: Fixed by:
https://github.com/libarchive/libarchive/commit/82912103214506316bd9990d73f33d743d55f570
(master)
+ NOTE: Fixed by:
https://github.com/libarchive/libarchive/commit/e0362b7f1a51b6c59ea06257a8f41e6ae3c7000f
(v3.7.8)
CVE-2025-26793 (The Web GUI configuration panel of Hirsch (formerly Identiv
and Viscou ...)
NOT-FOR-US: Hirsch Enterphone MESH
CVE-2025-22209 (A SQL injection vulnerability in the JS Jobs plugin versions
1.1.5-1.4 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7b4f8fc0114e02e168c9d62bf9a0ca014f24e
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7cf7b4f8fc0114e02e168c9d62bf9a0ca014f24e
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
