-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 08 Mar 2020 13:48:26 +0100 Source: upx-ucl Architecture: source Version: 3.96-1 Distribution: unstable Urgency: medium Maintainer: Robert Luberda <robert@debian.org> Changed-By: Robert Luberda <robert@debian.org> Closes: 947471 Changes: upx-ucl (3.96-1) unstable; urgency=medium . * New upstream version: + fixes heap-based buffer over-read and invalid memory address dereference in canUnpack() (CVE-2019-20021, CVE-2019-20053, closes: #947471). * Remove no longer needed patches: 02-Ignore-malformed-ElfXX_Shdr.patch, and 03-Malformed-input.patch. * Add autopkgtest checks for #947471. * Replace debian/compat with build-dependency on debhelper-compat. * Add upstream metadata file. * Standards-Version: 4.5.0. Checksums-Sha1: d803b1527b606ae73a41ca61d4a526e69f88cf81 1867 upx-ucl_3.96-1.dsc 53c36d5ba589ded10a6bbd1c58cb74c466ca3204 792524 upx-ucl_3.96.orig.tar.xz 1ae535da52b28ea297cafb3cea4e48d40ab391d4 57256 upx-ucl_3.96-1.debian.tar.xz 5aac61297d59bdb6beb1856679046eb39b0f8b58 6050 upx-ucl_3.96-1_amd64.buildinfo Checksums-Sha256: 27bf5d0754fe54da6b1492390b149098fca0499135ea594dcb7f8b4887a37101 1867 upx-ucl_3.96-1.dsc 47774df5c958f2868ef550fb258b97c73272cb1f44fe776b798e393465993714 792524 upx-ucl_3.96.orig.tar.xz c5a74cc5550a9d42d8a45c0d62c427e38159b642dbc826caf656b968e9129627 57256 upx-ucl_3.96-1.debian.tar.xz 46dc7a285b9063b069650b969303863714355fefbb63c50be7e26c373469a78f 6050 upx-ucl_3.96-1_amd64.buildinfo Files: 6d32b55a57cab305a8555adf41d70d10 1867 utils optional upx-ucl_3.96-1.dsc bf5564f33fe9062bc48b53abd4b34223 792524 utils optional upx-ucl_3.96.orig.tar.xz 36f008166f43bed9a9687771b3604119 57256 utils optional upx-ucl_3.96-1.debian.tar.xz 4445a92da7b78a1951868e21cabfc738 6050 utils optional upx-ucl_3.96-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEENeh2+rTTcy6TtNI3Yx3nVTvor9QFAl5k7fQACgkQYx3nVTvo r9QJXRAAjSNsvaqLvleZuTiTnKwZgPvTM+QZXex1KIdAsCttfaqN4pKU7vgFPR95 q62SMJI/LL2+VJ3q5UK84CrlICUyf3qYSzRphU8SURuM91O3/ETLwccYRouLhNB6 OgBvfU9ayK/qh5eRluIkPk5OLG4ZNBMU5870BGOnllbs7LLHiYAClFJiKJBPwObr Q2Q6LPKvD6ZALQwC8hMwJyXJtCFSAlYTZ1y5jKa6jfaoXzqFL5MJsMsJus8GHFI9 Np3ZpEu8GPNI+60r+95FH6n0P+wbk+F32Ci58zuQBXeQmzmmaptDJbpTD+NUekrJ P2Et335xVuwLtNjvWnzpDLRS4U3SRB+dTs8vwCFMBLQEVjP+ROBcH3VO/cKaaBcm l8CLZUCwXO/xC003r1aabAe2BO9nRe/ZVA8xIA584UOILCn7RRaHPRwTgsODNYMW lQWyUt3OuINe8u6i3zEQafxtGpkSXo5aNkPBJXfD6WN8qXd9WyMpIbUtP5/M6jfE lhTd/N9RLQ14J5ilPNI8zPXto4gkgu9/xAhCXPEnK/DMNjiowpUGn81pxH+hexIZ MFINQ1ZSe7pmtANEvPkOzKkDGCcHs3I3AxiiB4mKK3TcLkEWPc0JcRsqQJIjuDNP sB1zRlBHRf1tuLQ1upRgAQIqHPlNG3vNaxYxhAPkzmukSsdAh2Y= =Zfvv -----END PGP SIGNATURE-----