Source: upx-ucl
Version: 3.95-1
Severity: normal
Tags: security upstream

Hi,

The following vulnerabilities were published for upx-ucl.

CVE-2019-14295[0]:
| An Integer overflow in the getElfSections function in p_vmlinx.cpp in
| UPX 3.95 allows remote attackers to cause a denial of service (crash)
| via a skewed offset larger than the size of the PE section in a UPX
| packed executable, which triggers an allocation of excessive memory.

CVE-2019-14296[1]:
| canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause
| a denial of service (SEGV or buffer overflow, and application crash)
| or possibly have unspecified other impact via a crafted UPX packed
| file.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14295
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14295
    https://github.com/upx/upx/issues/286
[1] https://security-tracker.debian.org/tracker/CVE-2019-14296
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14296
    https://github.com/upx/upx/issues/287

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore