Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
fe268f4d by Salvatore Bonaccorso at 2026-07-03T17:59:50+02:00
Update status for two libarchive issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3574,10 +3574,11 @@ CVE-2026-31016 (Cross Site Request Forgery
vulnerability in Squidex.io Squidex C
CVE-2026-28979 (An out-of-bounds access issue was addressed with improved
bounds check ...)
NOT-FOR-US: Apple
CVE-2026-14164 (A double free issue has been identified in libarchive's RAR5
reader. D ...)
- - libarchive <unfixed> (bug #1141180)
+ - libarchive 3.8.8-1 (bug #1141180)
NOTE: https://github.com/libarchive/libarchive/issues/3069
NOTE: https://github.com/libarchive/libarchive/pull/3071
- NOTE:
https://github.com/libarchive/libarchive/commit/1c914cdfef533cbee1ae3aa21a89ba02ed4d5f61
+ NOTE:
https://github.com/libarchive/libarchive/commit/1c914cdfef533cbee1ae3aa21a89ba02ed4d5f61
(master)
+ NOTE:
https://github.com/libarchive/libarchive/commit/f774f03b40cb109348e5c6d52b59c864e3cfa8e8
(v3.8.8)
CVE-2026-14160 (Time-of-check time-of-use (TOCTOU) race condition
vulnerability in Sam ...)
NOT-FOR-US: Samsung
CVE-2026-13763 (Inconsistent interpretation of HTTP/2 requests in AWS
Application Load ...)
@@ -58003,10 +58004,11 @@ CVE-2026-34080 (xdg-dbus-proxy is a filtering proxy
for D-Bus connections. Prior
CVE-2026-5762 (Allocation of resources without limits or throttling
vulnerability in ...)
NOT-FOR-US: MediaWiki extensions/skins not packaged in Debian
CVE-2026-5745 (A flaw was found in libarchive. A NULL pointer dereference
vulnerabili ...)
- - libarchive <unfixed> (bug #1132998; unimportant)
+ - libarchive 3.8.8-1 (bug #1132998; unimportant)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2455921
NOTE: https://github.com/libarchive/libarchive/issues/2904
NOTE:
https://github.com/libarchive/libarchive/issues/2904#issuecomment-4257068822
+ NOTE:
https://github.com/libarchive/libarchive/commit/5f7025543205106d64081cbafd8c345bf859b86f
(v3.8.8)
NOTE: No security impact
CVE-2026-5736 (A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2.
Impacted ...)
NOT-FOR-US: PowerJob
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe268f4de7362ecea943f193c7e64c1614ea7a61
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe268f4de7362ecea943f193c7e64c1614ea7a61
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits