Source: upx-ucl Version: 3.95-2 Severity: normal Tags: security upstream Forwarded: https://github.com/upx/upx/issues/315 Control: found -1 3.95-1
Hi, The following vulnerability was published for upx-ucl. CVE-2019-20021[0]: | A heap-based buffer over-read was discovered in canUnpack in | p_mach.cpp in UPX 3.95 via a crafted Mach-O file. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-20021 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20021 [1] https://github.com/upx/upx/issues/315 [2] https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa Please adjust the affected versions in the BTS as needed. Regards, Salvatore
