upx-ucl - Debian Package Tracker

general

source: upx-ucl (main)
version: 4.2.4-1.1
maintainer: Robert Luberda (DMD)
arch: any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 3.96-2
old-sec: 3.96-2+deb11u1
stable-bpo: 4.2.2-3~bpo12+1
testing: 4.2.4-1.1
unstable: 4.2.4-1.1

versioned links

3.96-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.96-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.2-3~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.4-1.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

upx-ucl (2 bugs: 0, 2, 0, 0)

action needed

A new upstream version is available: 5.0.2 high

A new upstream version 5.0.2 is available, you should consider packaging it.

Created: 2025-02-23 Last update: 2025-07-26 15:31

2 security issues in buster high

There are 2 open security issues in buster.

1 important issue:

CVE-2024-3209: A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

1 issue postponed or untriaged:

CVE-2023-23456: (needs triaging) A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

Created: 2024-04-05 Last update: 2024-04-05 21:00

lintian reports 1 error high

Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.

Created: 2024-01-19 Last update: 2024-01-19 11:36

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2023-23456: A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

Created: 2023-01-13 Last update: 2023-04-13 21:09

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-07-26 16:01

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2024-01-12 Last update: 2024-01-12 03:19

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-04-16 07:27

news

[rss feed]

[2025-04-26] upx-ucl 4.2.4-1.1 MIGRATED to testing (Debian testing watch)
[2025-04-16] Accepted upx-ucl 4.2.4-1.1 (source) into unstable (Matheus Polkorny) (signed by: Carlos Henrique Lima Melara)
[2024-12-11] Accepted upx-ucl 3.96-2+deb11u1 (source) into oldstable-security (Sylvain Beucler)
[2024-09-02] upx-ucl 4.2.4-1 MIGRATED to testing (Debian testing watch)
[2024-08-30] Accepted upx-ucl 4.2.4-1 (source) into unstable (Robert Luberda)
[2024-04-23] Accepted upx-ucl 4.2.2-3~bpo12+1 (source amd64) into stable-backports (Debian FTP Masters) (signed by: Boyuan Yang)
[2024-01-21] upx-ucl 4.2.2-3 MIGRATED to testing (Debian testing watch)
[2024-01-19] Accepted upx-ucl 4.2.2-3 (source) into unstable (Robert Luberda)
[2024-01-12] Accepted upx-ucl 4.2.2-2 (source) into unstable (Robert Luberda)
[2024-01-11] Accepted upx-ucl 4.2.2-1 (source) into unstable (Robert Luberda)
[2023-05-11] upx-ucl REMOVED from testing (Debian testing watch)
[2021-10-16] upx-ucl 3.96-3 MIGRATED to testing (Debian testing watch)
[2021-10-14] Accepted upx-ucl 3.96-3 (source) into unstable (Robert Luberda)
[2020-06-07] upx-ucl 3.96-2 MIGRATED to testing (Debian testing watch)
[2020-06-05] Accepted upx-ucl 3.96-2 (source) into unstable (Robert Luberda)
[2020-03-08] Accepted upx-ucl 3.96-1 (source) into unstable (Robert Luberda)
[2019-08-05] upx-ucl 3.95-2 MIGRATED to testing (Debian testing watch)
[2019-07-29] Accepted upx-ucl 3.95-2 (source amd64) into unstable (Robert Luberda)
[2018-08-31] upx-ucl 3.95-1 MIGRATED to testing (Debian testing watch)
[2018-08-28] Accepted upx-ucl 3.95-1 (source amd64) into unstable (Robert Luberda)
[2018-08-10] upx-ucl 3.94-5 MIGRATED to testing (Debian testing watch)
[2018-08-05] Accepted upx-ucl 3.95~git20180805-1 (source amd64) into experimental (Robert Luberda)
[2018-08-05] Accepted upx-ucl 3.94-5 (source amd64) into unstable (Robert Luberda)
[2017-12-28] upx-ucl 3.94-4 MIGRATED to testing (Debian testing watch)
[2017-12-22] Accepted upx-ucl 3.94+git20171222-1 (source amd64) into experimental (Robert Luberda)
[2017-12-22] Accepted upx-ucl 3.94-4 (source amd64) into unstable (Robert Luberda)
[2017-09-07] upx-ucl 3.94-3 MIGRATED to testing (Debian testing watch)
[2017-09-01] Accepted upx-ucl 3.94-3 (source amd64) into unstable (Robert Luberda)
[2017-08-10] Accepted upx-ucl 3.94+git20170810-1 (source) into experimental (Robert Luberda)
[2017-08-09] Accepted upx-ucl 3.94+git20170809-1 (source) into experimental (Robert Luberda)

bugs [bug history graph]

all: 3
RC: 0
I&N: 3
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (1, 0)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.4-1.1
1 bug