From https://github.com/libarchive/libarchive/releases/tag/v3.7.5:
"""
Security fixes:
fix multiple vulnerabilities identified by SAST (#2251, #2256)
cpio: ignore out-of-range gid/uid/size/ino and harden AFIO parsing (#2258)
lzop: prevent integer overflow (#2174)
rar4: protect copy_from_lzss_window_to_unp() (#2172, CVE-2024-20696)
rar4: fix CVE-2024-26256 (#2269, CVS-2024-26256)
rar4: fix OOB in delta and audio filter (#2148, #2149)
rar4: fix out of boundary access with large files (#2179)
rar4: add boundary checks to rgb filter (#2210)
rar4: fix OOB access with unicode filenames (#2203)
rar5: clear 'data ready' cache on window buffer reallocs (#2265)
rpm: calculate huge header sizes correctly (#2158)
unzip: unify EOF handling (#2175)
util: fix out of boundary access in mktemp functions (#2160)
uu: stop processing if lines are too long (#2168)
"""
The bump was blocked while I waited for a fix to be merged upstream, but I'll backport it now.
(In reply to Michał Górny from comment #1)
> The bump was blocked while I waited for a fix to be merged upstream, but
> I'll backport it now.

Ah, thanks. I only noticed the release by chance and figured there must be some reason ;)
cleanup done