https://github.com/libarchive/libarchive/releases/tag/v3.7.8 says:
Libarchive 3.7.8 is a bugfix and security release
Security fixes:
- tar reader: Handle truncation in the middle of a GNU long linkname
(#2422, CVE-2024-57970)
- unzip: fix null pointer dereference
(#2532, CVE-2025-1632)
- tar reader: fix unchecked return value in list_item_verbose()
(#2532, CVE-2025-25724)
(Though 3.7.9 has since been released to fix a regression in libarchive 3.7.8
regarding GNU sparse entries.)
--
-Alan Coopersmith- alan.coopersm...@oracle.com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris
