Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update bundled 7zip executables to v24.09 #3626

Closed
2 tasks done
gep13 opened this issue Feb 4, 2025 · 0 comments · Fixed by #3632
Closed
2 tasks done

Update bundled 7zip executables to v24.09 #3626

gep13 opened this issue Feb 4, 2025 · 0 comments · Fixed by #3632
Labels
4 - Done Bug Security
Milestone
2.5.0

Comments

@gep13
Copy link
Member

gep13 commented Feb 4, 2025
edited
Loading

Checklist

  • I have verified this is the correct repository for opening this issue.
  • I have verified no other issues exist related to my request.

Is Your Feature Request Related To A Problem? Please describe.

There is a CVE (CVE-2025-0411) associated with 7-zip, which has been addressed in version 24.09.

Describe The Solution. Why is it needed?

Update the embedded 7-zip binaries to the latest version, and ship a new release of Chocolatey CLI.

Additional Context

Related Issues
@gep13 gep13 added this to the 2.5.0 milestone Feb 4, 2025
@gep13 gep13 mentioned this issue Feb 4, 2025
Closed
2 tasks
AdmiringWorm pushed a commit to AdmiringWorm/choco that referenced this issue Feb 11, 2025
@gep13 @AdmiringWorm
(chocolatey#3626) Upgrade 7z to 24.09
e21af35 
This addresses a known CVE with 7-zip:

GHSA-2pjx-wvcg-vhr8
(cherry picked from commit c6da67a)
@AdmiringWorm AdmiringWorm mentioned this issue Feb 11, 2025
Merged
@gep13 gep13 added the 4 - Done label Feb 18, 2025
@drdamour drdamour mentioned this issue Feb 18, 2025
Open
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
4 - Done Bug Security
Projects
None yet
Milestone
2.5.0
Development

Successfully merging a pull request may close this issue.

(maint) Back-merge changes from support branch to develop AdmiringWorm/choco
1 participant
@gep13