upx-ucl - Debian Package Tracker

general

source: upx-ucl (main)
version: 4.2.4-1
maintainer: Robert Luberda (DMD)
arch: any
std-ver: 4.7.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.95-1
oldstable: 3.96-2
old-sec: 3.96-2+deb11u1
stable-bpo: 4.2.2-3~bpo12+1
testing: 4.2.4-1
unstable: 4.2.4-1

versioned links

3.95-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.96-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.96-2+deb11u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.2-3~bpo12+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
4.2.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

upx-ucl (2 bugs: 0, 2, 0, 0)

action needed

A new upstream version is available: 5.0.0 high

A new upstream version 5.0.0 is available, you should consider packaging it.

Created: 2025-02-23 Last update: 2025-04-02 23:03

1 security issue in trixie high

There is 1 open security issue in trixie.

1 important issue:

CVE-2025-2849: A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

Created: 2025-03-27 Last update: 2025-03-28 15:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2025-2849: A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

Created: 2025-03-27 Last update: 2025-03-28 15:30

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2025-2849: A vulnerability, which was classified as problematic, was found in UPX up to 5.0.0. Affected is the function PackLinuxElf64::un_DT_INIT of the file src/p_lx_elf.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The patch is identified as e0b6ff192412f5bb5364c1948f4f6b27a0cd5ea2. It is recommended to apply a patch to fix this issue.

Created: 2025-03-27 Last update: 2025-03-28 15:30

2 security issues in buster high

There are 2 open security issues in buster.

1 important issue:

CVE-2024-3209: A vulnerability was found in UPX up to 4.2.2. It has been rated as critical. This issue affects the function get_ne64 of the file bele.h. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259055. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

1 issue postponed or untriaged:

CVE-2023-23456: (needs triaging) A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

Created: 2024-04-05 Last update: 2024-04-05 21:00

lintian reports 1 error high

Lintian reports 1 error about this package. You should make the package lintian clean getting rid of them.

Created: 2024-01-19 Last update: 2024-01-19 11:36

1 security issue in bookworm high

There is 1 open security issue in bookworm.

1 important issue:

CVE-2023-23456: A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file.

Created: 2023-01-13 Last update: 2023-04-13 21:09

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-04-03 02:01

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2024-01-12 Last update: 2024-01-12 03:19

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.2 instead of 4.7.0).

Created: 2025-02-21 Last update: 2025-02-27 13:25

news

[rss feed]

[2024-12-11] Accepted upx-ucl 3.96-2+deb11u1 (source) into oldstable-security (Sylvain Beucler)
[2024-09-02] upx-ucl 4.2.4-1 MIGRATED to testing (Debian testing watch)
[2024-08-30] Accepted upx-ucl 4.2.4-1 (source) into unstable (Robert Luberda)
[2024-04-23] Accepted upx-ucl 4.2.2-3~bpo12+1 (source amd64) into stable-backports (Debian FTP Masters) (signed by: Boyuan Yang)
[2024-01-21] upx-ucl 4.2.2-3 MIGRATED to testing (Debian testing watch)
[2024-01-19] Accepted upx-ucl 4.2.2-3 (source) into unstable (Robert Luberda)
[2024-01-12] Accepted upx-ucl 4.2.2-2 (source) into unstable (Robert Luberda)
[2024-01-11] Accepted upx-ucl 4.2.2-1 (source) into unstable (Robert Luberda)
[2023-05-11] upx-ucl REMOVED from testing (Debian testing watch)
[2021-10-16] upx-ucl 3.96-3 MIGRATED to testing (Debian testing watch)
[2021-10-14] Accepted upx-ucl 3.96-3 (source) into unstable (Robert Luberda)
[2020-06-07] upx-ucl 3.96-2 MIGRATED to testing (Debian testing watch)
[2020-06-05] Accepted upx-ucl 3.96-2 (source) into unstable (Robert Luberda)
[2020-03-08] Accepted upx-ucl 3.96-1 (source) into unstable (Robert Luberda)
[2019-08-05] upx-ucl 3.95-2 MIGRATED to testing (Debian testing watch)
[2019-07-29] Accepted upx-ucl 3.95-2 (source amd64) into unstable (Robert Luberda)
[2018-08-31] upx-ucl 3.95-1 MIGRATED to testing (Debian testing watch)
[2018-08-28] Accepted upx-ucl 3.95-1 (source amd64) into unstable (Robert Luberda)
[2018-08-10] upx-ucl 3.94-5 MIGRATED to testing (Debian testing watch)
[2018-08-05] Accepted upx-ucl 3.95~git20180805-1 (source amd64) into experimental (Robert Luberda)
[2018-08-05] Accepted upx-ucl 3.94-5 (source amd64) into unstable (Robert Luberda)
[2017-12-28] upx-ucl 3.94-4 MIGRATED to testing (Debian testing watch)
[2017-12-22] Accepted upx-ucl 3.94+git20171222-1 (source amd64) into experimental (Robert Luberda)
[2017-12-22] Accepted upx-ucl 3.94-4 (source amd64) into unstable (Robert Luberda)
[2017-09-07] upx-ucl 3.94-3 MIGRATED to testing (Debian testing watch)
[2017-09-01] Accepted upx-ucl 3.94-3 (source amd64) into unstable (Robert Luberda)
[2017-08-10] Accepted upx-ucl 3.94+git20170810-1 (source) into experimental (Robert Luberda)
[2017-08-09] Accepted upx-ucl 3.94+git20170809-1 (source) into experimental (Robert Luberda)
[2017-08-09] Accepted upx-ucl 3.94-2 (source amd64) into unstable (Robert Luberda)
[2017-06-06] upx-ucl 3.91-4 MIGRATED to testing (Debian testing watch)

bugs [bug history graph]

all: 4
RC: 1
I&N: 3
M&W: 0
F&P: 0
patch: 1

links

homepage
lintian (1, 0)
buildd: logs, checks, reproducibility, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debian patches
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 4.2.4-1
1 bug