[OE-core][wrynose 48/52] libarchive: set status for CVE-2026-4426

Fri, 08 May 2026 00:13:21 -0700 

From: Peter Marko <[email protected]>

This is a version-less RedHat CVE so needs explicit status.
Fix reference: PR/commit listed in [1] backported as [2].

[1] https://security-tracker.debian.org/tracker/CVE-2026-4426
[2] 
https://github.com/libarchive/libarchive/commit/ec1bc43156b84e12ff363f39005533e6f7067297

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit ab127fa9d3ec67951374724071a71dbb9121b922)
Signed-off-by: Yoann Congal <[email protected]>
---
 meta/recipes-extended/libarchive/libarchive_3.8.7.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-extended/libarchive/libarchive_3.8.7.bb 
b/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
index a65afb7b22d..577362ef8b0 100644
--- a/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
+++ b/meta/recipes-extended/libarchive/libarchive_3.8.7.bb
@@ -89,4 +89,5 @@ do_install_ptest() {
 
 RDEPENDS:${PN}-ptest += "bsdtar bsdcpio"
 
+CVE_STATUS[CVE-2026-4426] = "fixed-version: fixed since 3.8.7"
 CVE_STATUS[CVE-2026-5121] = "fixed-version: fixed since 3.8.7"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#236690): 
https://lists.openembedded.org/g/openembedded-core/message/236690
Mute This Topic: https://lists.openembedded.org/mt/119210648/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to