[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#31487] [PATCH] gnu: Add upx.

From: Ludovic Courtès
Subject: [bug#31487] [PATCH] gnu: Add upx.
Date: Tue, 29 May 2018 15:27:19 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Pierre Neidhardt <address@hidden> skribis:

> The relevant issues:
> -
> -

Hmm I see that:
  corresponds to:

  corresponds to:

The latter (CVE-2017-16869) is marked as “disputed” above, and I would
agree with the arguments of the UPX maintainers.

The authors did not react to the former (CVE-2017-15056, crash when
reading ELF files), other than by fixing it, but it does look similar in

What about adding a patch for CVE-2017-15056 since it would at least fix
a concrete bug?

CVE-2017-16869 is also a bug but it concerns Mach-O files, which are
much less of a concern for our users I suppose.  Patching it wouldn’t
hurt either, but you could also add a ‘lint-hidden-cve’ property for
CVE-2017-16869 with a comment.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]