Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
fe268f4d by Salvatore Bonaccorso at 2026-07-03T17:59:50+02:00
Update status for two libarchive issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -3574,10 +3574,11 @@ CVE-2026-31016 (Cross Site Request Forgery 
vulnerability in Squidex.io Squidex C
 CVE-2026-28979 (An out-of-bounds access issue was addressed with improved 
bounds check ...)
        NOT-FOR-US: Apple
 CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5 
reader. D ...)
-       - libarchive <unfixed> (bug #1141180)
+       - libarchive 3.8.8-1 (bug #1141180)
        NOTE: https://github.com/libarchive/libarchive/issues/3069
        NOTE: https://github.com/libarchive/libarchive/pull/3071
-       NOTE: 
https://github.com/libarchive/libarchive/commit/1c914cdfef533cbee1ae3aa21a89ba02ed4d5f61
+       NOTE: 
https://github.com/libarchive/libarchive/commit/1c914cdfef533cbee1ae3aa21a89ba02ed4d5f61
 (master)
+       NOTE: 
https://github.com/libarchive/libarchive/commit/f774f03b40cb109348e5c6d52b59c864e3cfa8e8
 (v3.8.8)
 CVE-2026-14160 (Time-of-check time-of-use (TOCTOU) race condition 
vulnerability in Sam ...)
        NOT-FOR-US: Samsung
 CVE-2026-13763 (Inconsistent interpretation of HTTP/2 requests in AWS 
Application Load ...)
@@ -58003,10 +58004,11 @@ CVE-2026-34080 (xdg-dbus-proxy is a filtering proxy 
for D-Bus connections. Prior
 CVE-2026-5762 (Allocation of resources without limits or throttling 
vulnerability in  ...)
        NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
 CVE-2026-5745 (A flaw was found in libarchive. A NULL pointer dereference 
vulnerabili ...)
-       - libarchive <unfixed> (bug #1132998; unimportant)
+       - libarchive 3.8.8-1 (bug #1132998; unimportant)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2455921
        NOTE: https://github.com/libarchive/libarchive/issues/2904
        NOTE: 
https://github.com/libarchive/libarchive/issues/2904#issuecomment-4257068822
+       NOTE: 
https://github.com/libarchive/libarchive/commit/5f7025543205106d64081cbafd8c345bf859b86f
 (v3.8.8)
        NOTE: No security impact
 CVE-2026-5736 (A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. 
Impacted ...)
        NOT-FOR-US: PowerJob



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe268f4de7362ecea943f193c7e64c1614ea7a61

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe268f4de7362ecea943f193c7e64c1614ea7a61
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to