Question on libarchive/3.7.4-2 and CVE-2025-1632 patch
Hi Peter,
On Sat, Apr 26, 2025 at 09:20:46AM +0000, Debian FTP Masters wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> Format: 1.8
> Date: Sat, 26 Apr 2025 11:34:57 +0300
> Source: libarchive
> Architecture: source
> Version: 3.7.4-2
> Distribution: unstable
> Urgency: high
> Maintainer: Peter Pentchev <roam@debian.org>
> Changed-By: Peter Pentchev <roam@debian.org>
> Closes: 1103494
> Changes:
> libarchive (3.7.4-2) unstable; urgency=high
> .
> * Acknowledge NMU; thanks, Salvatore!
> * Point to the debian/trixie branch in the gbp.conf file since
> the master branch in the repository already contains changes that
> did not make it in time for the Trixie freeze.
> * Add the CVE-2025-1632 patch. Closes: #1103494
> * Add the year 2025 to my debian/* copyright notice.
Was there a reason not to pick the upstream commited
https://github.com/libarchive/libarchive/commit/8ce2aca6c7d6f004f860c6619cb6cc98d51ac69a
?
Regards,
Salvatore
Reply to: