Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted upx-ucl 4.2.2-1 (source) into unstable
Date: Thu, 11 Jan 2024 23:20:23 +0000
Signed by: Robert Luberda <robert@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 11 Jan 2024 23:00:58 +0100
Source: upx-ucl
Architecture: source
Version: 4.2.2-1
Distribution: unstable
Urgency: medium
Maintainer: Robert Luberda <robert@debian.org>
Changed-By: Robert Luberda <robert@debian.org>
Closes: 1004137 1025053 1033258
Changes:
 upx-ucl (4.2.2-1) unstable; urgency=medium
 .
   * New upstream version (closes: #1025053):
     - fixes heap-based buffer overflow issue CVE-2023-23456 (closes: #1033258);
     - fixes segmentation fault issue CVE-2023-23457 (closes: #1033258);
     - fixes execution of compressed MIPS binaries (closes: #1004137);
     - unfortunately both zlib and ucl libraries are now embedded into
       the upx-ucl binary - this should be fixed in the future somehow.
   * Remove no longer needed patches 02-arm64-crashes.patch and
     03-upstream-silence-compilation-warnings.patch.
   * Update debian/source/lintan-overrides in a try to disable its useless
     checks on debian/tests files (see: #1025452).
   * Update debian/rules for cmake that is now used by upstream.
   * Add new debian/test cases for the above CVE issues.
   * Update debian/copyright.
   * Update standards version to 4.6.2, no changes needed.
Checksums-Sha1:
 8efa9e19f6f0ef7d36adc92186b333dbb289a4e3 1884 upx-ucl_4.2.2-1.dsc
 b9144e18a250312576134eb8f21dfdd4044feeee 1275320 upx-ucl_4.2.2.orig.tar.xz
 c8758f77d3ffe29a0e1aa778607aaeec0640884f 64892 upx-ucl_4.2.2-1.debian.tar.xz
 0ad0f3092efef8f2a1003ff41042b3e5fd90c75d 7370 upx-ucl_4.2.2-1_amd64.buildinfo
Checksums-Sha256:
 2e451b7dd95950cf32cbcf725c023bdd0dc5d774b4ff73fe947995b036148d3f 1884 upx-ucl_4.2.2-1.dsc
 42ee0455eea610ef7ee732aa1f657b34a351ebcfa64a24c1e2a7aaec74c1e038 1275320 upx-ucl_4.2.2.orig.tar.xz
 ce1b366a4cacd4ffc6e15af0fc991c0086dffacc2149d43aa95e9fbcf2b6fa39 64892 upx-ucl_4.2.2-1.debian.tar.xz
 a0a95d630258205493c0e67a776364e9118ba09d4d9dcafb2457c250b2a26212 7370 upx-ucl_4.2.2-1_amd64.buildinfo
Files:
 cbe142d0d840cc1f5ac6df6ca179b1e2 1884 utils optional upx-ucl_4.2.2-1.dsc
 97ea082bc7240b8083316293e2be0e29 1275320 utils optional upx-ucl_4.2.2.orig.tar.xz
 7db90a6a34a0cfcad9cb122776751afe 64892 utils optional upx-ucl_4.2.2-1.debian.tar.xz
 a03369152abbc41d68b66864f636c940 7370 utils optional upx-ucl_4.2.2-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEENeh2+rTTcy6TtNI3Yx3nVTvor9QFAmWgaRIACgkQYx3nVTvo
r9Sz7hAAo36X1PtAgn4HjLtOze5Qy/546efLlMDJuPducDJ/mypydN3DiN6XsgaV
wrkAK5aSEwj1+2VOjisA12Q9N1KNBFEXjEiVUur+S1Yhx0nsrH1Ll3cQkU6kKxZT
v1YeO42BliPcUk1X36DcxGM3weJPukppUMOjLvrOAUKgA1VVY9dVYrvP8rNijKAI
yrjEDdERx3k6XLwzZmWlnWF6oAC5AlJWu1QhVp4WM6nbSFc+jPZsZ2/KeVt1nozM
e+pzBSZ/k64S/UcqsXANMrYXrfZWyiMEunwWFNA/SxkVmo7E6kZgAcZ6RarXGYEH
O/WasvaAvuRdbc16bRjpe7CqnwcpiOb8GZwC6KM5H5zqgUNStHGbmtxQ0c0V0Qrz
o7fALdNqv+Uc5bhTKggxfUxQJD3UHRee4MdIOZUxDK5h8Saf2eQfgl3R+wvwe6tX
q/PpYkRNut4me8vNHcPtb+iPJ2qMp+e7L4TDO7gR6YKMjcIwM+hQGewAsVaOdOoR
pCHbC8nmNezqhRFNQH0eGRdWFRDoqf0x5CmMEXkkMIuNam90ixVV8bsLktlwntKa
BahtZDazTtTHlMBBYUiNxa/Q+DZ3Sw2lMu7JiHwQlgOYHaB37tOnFKBVviMgfDUX
8f7t3rG/OwOyNrroco56QvtuR6VE5OyKpxiz9JVxluF9zZnrVAc=
=FQPc
-----END PGP SIGNATURE-----
News for package upx-ucl
