Skip to content

[automatic] Publish 17 advisories for LibArchive_jll #183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[automatic] Publish 17 advisories for LibArchive_jll #183

wants to merge 1 commit into from

Conversation

jlsec-bot
Copy link
Contributor

This action searched --project=libarchive, checking 71 (+1) advisories from NVD and 2 (+0) from EUVD for advisories that pertain here. It identified 17 advisories as being related to the Julia package(s): LibArchive_jll.

17 advisories found concrete vulnerable ranges

  • CVE-2021-23177 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.5.2+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2021-31566 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.5.2+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2021-36976 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.4+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2022-36227 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.4+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2023-30571 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.4+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2024-26256 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.4+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2024-48615 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.9+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2024-48957 for packages: LibArchive_jll
    • LibArchive_jll computed [">= 3.7.4+0, < 3.7.9+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2024-48958 for packages: LibArchive_jll
    • LibArchive_jll computed [">= 3.7.4+0, < 3.7.9+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2024-57970 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.9+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2025-1632 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.9+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2025-25724 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.7.9+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2025-5914 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.8.0+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2025-5915 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.8.0+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2025-5916 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.8.0+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2025-5917 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.8.0+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}
  • CVE-2025-5918 for packages: LibArchive_jll
    • LibArchive_jll computed ["< 3.8.0+0"]. Its latest version (3.8.2+0) has components: {libarchive = "3.8.2"}

@mbauman mbauman mentioned this pull request Oct 19, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jlsec-bot @mbauman