update: libarchive
dongsupark opened this issue
Dongsu Park commented
Name: libarchive
CVEs: CVE-2024-26256, CVE-2024-37407
CVSSs: 7.8
Action Needed: update to >= 3.7.4
Summary:
- CVE-2024-26256: Remote code execution vulnerability, an out-of-bounds error in the RAR e8 filter.
- CVE-2024-37407: Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c.
refmap.gentoo: TBD
Dongsu Park commented
Added CVE-2024-37407.