[AutoPR- Security] Patch libarchive for CVE-2026-14164 [HIGH]#17906
[AutoPR- Security] Patch libarchive for CVE-2026-14164 [HIGH]#17906azurelinux-security wants to merge 1 commit into
Conversation
🔒 CVE Patch Review: CVE-2026-14164PR #17906 — [AutoPR- Security] Patch libarchive for CVE-2026-14164 [HIGH] Spec File Validation
Build VerificationBuild log analysis was skipped (no build ID available). Patch Analysis
Detailed analysisCore fix comparison: both patches move Verdict❌ CHANGES REQUESTED — Please address the issues flagged above. |
44fcb39 to
862ef1a
Compare

Auto Patch libarchive for CVE-2026-14164.
Autosec pipeline run -> https://dev.azure.com/mariner-org/mariner/_build/results?buildId=1152352&view=results
Merge Checklist
All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)
*-staticsubpackages, etc.) have had theirReleasetag incremented../cgmanifest.json,./toolkit/scripts/toolchain/cgmanifest.json,.github/workflows/cgmanifest.json)./LICENSES-AND-NOTICES/SPECS/data/licenses.json,./LICENSES-AND-NOTICES/SPECS/LICENSES-MAP.md,./LICENSES-AND-NOTICES/SPECS/LICENSE-EXCEPTIONS.PHOTON)*.signatures.jsonfilessudo make go-tidy-allandsudo make go-test-coveragepassSummary
What does the PR accomplish, why was it needed?
Change Log
Does this affect the toolchain?
YES/NO
Associated issues
Links to CVEs
Test Methodology