Summary: | <app-arch/upx{-bin,}-4.0.0: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | azamat.hackimov, mgorny, proxy-maint |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/28041 | ||
Whiteboard: | ~3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
![]() ![]() ![]() ![]() For -bin, probably yes. Do you happen to know if any of these vulnerabilities affect generated executables? I have no familiarity with UPX, so I'd defer to Azamat there Azamat, can we last rite upx-bin now that it doesn't have any reverse dependencies? Hello. I would wait for the 4.0.0 release, but for now we can mask the upx-bin package for a while. <app-arch/upx-bin-4.0.0 (In reply to Azamat H. Hackimov from comment #4) > Hello. > > I would wait for the 4.0.0 release, but for now we can mask the upx-bin > package for a while. > > <app-arch/upx-bin-4.0.0 I'm not sure it's sane to have to fight with an unstable leaf package like this. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0079cd3b6bd983ac029d76507960a3cf40413ae4 commit 0079cd3b6bd983ac029d76507960a3cf40413ae4 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2022-10-30 12:37:24 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-10-31 22:50:58 +0000 app-arch/upx-bin: add 4.0.0 Bug: https://bugs.gentoo.org/778530 Bug: https://bugs.gentoo.org/790281 Bug: https://bugs.gentoo.org/792348 Bug: https://bugs.gentoo.org/866794 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Signed-off-by: Conrad Kostecki <conikost@gentoo.org> app-arch/upx-bin/Manifest | 7 +++++++ app-arch/upx-bin/upx-bin-4.0.0.ebuild | 39 +++++++++++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5f6c4062375fef16a763f3d413b099addef73432 commit 5f6c4062375fef16a763f3d413b099addef73432 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2022-10-30 11:49:41 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-10-31 22:50:57 +0000 app-arch/upx: add 4.0.0 Bug: https://bugs.gentoo.org/778530 Bug: https://bugs.gentoo.org/790281 Bug: https://bugs.gentoo.org/792348 Bug: https://bugs.gentoo.org/866794 Signed-off-by: Azamat H. Hackimov <azamat.hackimov@gmail.com> Signed-off-by: Conrad Kostecki <conikost@gentoo.org> app-arch/upx/Manifest | 1 + app-arch/upx/upx-4.0.0.ebuild | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+) Thanks, all done! |