Accepted upx-ucl 4.2.2-1 (source) into unstable
- To: debian-devel-changes@lists.debian.org
- Subject: Accepted upx-ucl 4.2.2-1 (source) into unstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 11 Jan 2024 23:20:23 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: upx-ucl_4.2.2-1_source.changes
- Debian-source: upx-ucl
- Debian-suite: unstable
- Debian-version: 4.2.2-1
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=udBgdSVF4QMB8n4wkeZJ9QhYBfdWP2PqfpDJuxzpi4k=; b=QrUKLGkILYL/O06UaKoCjYElEN ZNjpnEeXDoOuIsoeWDjrMGsmB1aDJWvbgUuWXi2pPEvQ+557Vq9zyGczi/CSBr3vSR3lWs//FSU/c +uibmF7yS5F82ynsVKq19P7alkg1Ch3o8n4WuOzzFE6IamL7vfv1mbxvyumXN+ghWzzm5OI8yGycq VJ/Ab82ow08iblHMFEAVUlJlJR0YGgc7SnwJeYIUfN2w1NQ9IIpg0mg67x2grIjX/8S6D2tXN5aVr 8LejhYDWArCiWOt/b8tSwYcfh437oik8sYBHtG7eJB2Ffu70esnOSnaZkDJgKAS4wReCDXboN/017 hZ/AcrVw==;
- Mail-followup-to: debian-devel@lists.debian.org
- Message-id: <E1rO4LX-004fg9-49@fasolo.debian.org>
- Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 11 Jan 2024 23:00:58 +0100
Source: upx-ucl
Architecture: source
Version: 4.2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Robert Luberda <robert@debian.org>
Changed-By: Robert Luberda <robert@debian.org>
Closes: 1004137 1025053 1033258
Changes:
upx-ucl (4.2.2-1) unstable; urgency=medium
.
* New upstream version (closes: #1025053):
- fixes heap-based buffer overflow issue CVE-2023-23456 (closes: #1033258);
- fixes segmentation fault issue CVE-2023-23457 (closes: #1033258);
- fixes execution of compressed MIPS binaries (closes: #1004137);
- unfortunately both zlib and ucl libraries are now embedded into
the upx-ucl binary - this should be fixed in the future somehow.
* Remove no longer needed patches 02-arm64-crashes.patch and
03-upstream-silence-compilation-warnings.patch.
* Update debian/source/lintan-overrides in a try to disable its useless
checks on debian/tests files (see: #1025452).
* Update debian/rules for cmake that is now used by upstream.
* Add new debian/test cases for the above CVE issues.
* Update debian/copyright.
* Update standards version to 4.6.2, no changes needed.
Checksums-Sha1:
8efa9e19f6f0ef7d36adc92186b333dbb289a4e3 1884 upx-ucl_4.2.2-1.dsc
b9144e18a250312576134eb8f21dfdd4044feeee 1275320 upx-ucl_4.2.2.orig.tar.xz
c8758f77d3ffe29a0e1aa778607aaeec0640884f 64892 upx-ucl_4.2.2-1.debian.tar.xz
0ad0f3092efef8f2a1003ff41042b3e5fd90c75d 7370 upx-ucl_4.2.2-1_amd64.buildinfo
Checksums-Sha256:
2e451b7dd95950cf32cbcf725c023bdd0dc5d774b4ff73fe947995b036148d3f 1884 upx-ucl_4.2.2-1.dsc
42ee0455eea610ef7ee732aa1f657b34a351ebcfa64a24c1e2a7aaec74c1e038 1275320 upx-ucl_4.2.2.orig.tar.xz
ce1b366a4cacd4ffc6e15af0fc991c0086dffacc2149d43aa95e9fbcf2b6fa39 64892 upx-ucl_4.2.2-1.debian.tar.xz
a0a95d630258205493c0e67a776364e9118ba09d4d9dcafb2457c250b2a26212 7370 upx-ucl_4.2.2-1_amd64.buildinfo
Files:
cbe142d0d840cc1f5ac6df6ca179b1e2 1884 utils optional upx-ucl_4.2.2-1.dsc
97ea082bc7240b8083316293e2be0e29 1275320 utils optional upx-ucl_4.2.2.orig.tar.xz
7db90a6a34a0cfcad9cb122776751afe 64892 utils optional upx-ucl_4.2.2-1.debian.tar.xz
a03369152abbc41d68b66864f636c940 7370 utils optional upx-ucl_4.2.2-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEENeh2+rTTcy6TtNI3Yx3nVTvor9QFAmWgaRIACgkQYx3nVTvo
r9Sz7hAAo36X1PtAgn4HjLtOze5Qy/546efLlMDJuPducDJ/mypydN3DiN6XsgaV
wrkAK5aSEwj1+2VOjisA12Q9N1KNBFEXjEiVUur+S1Yhx0nsrH1Ll3cQkU6kKxZT
v1YeO42BliPcUk1X36DcxGM3weJPukppUMOjLvrOAUKgA1VVY9dVYrvP8rNijKAI
yrjEDdERx3k6XLwzZmWlnWF6oAC5AlJWu1QhVp4WM6nbSFc+jPZsZ2/KeVt1nozM
e+pzBSZ/k64S/UcqsXANMrYXrfZWyiMEunwWFNA/SxkVmo7E6kZgAcZ6RarXGYEH
O/WasvaAvuRdbc16bRjpe7CqnwcpiOb8GZwC6KM5H5zqgUNStHGbmtxQ0c0V0Qrz
o7fALdNqv+Uc5bhTKggxfUxQJD3UHRee4MdIOZUxDK5h8Saf2eQfgl3R+wvwe6tX
q/PpYkRNut4me8vNHcPtb+iPJ2qMp+e7L4TDO7gR6YKMjcIwM+hQGewAsVaOdOoR
pCHbC8nmNezqhRFNQH0eGRdWFRDoqf0x5CmMEXkkMIuNam90ixVV8bsLktlwntKa
BahtZDazTtTHlMBBYUiNxa/Q+DZ3Sw2lMu7JiHwQlgOYHaB37tOnFKBVviMgfDUX
8f7t3rG/OwOyNrroco56QvtuR6VE5OyKpxiz9JVxluF9zZnrVAc=
=FQPc
-----END PGP SIGNATURE-----