[bug#31487] [PATCH] gnu: Add upx.

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#31487] [PATCH] gnu: Add upx.

From:	Ludovic Courtès
Subject:	[bug#31487] [PATCH] gnu: Add upx.
Date:	Fri, 15 Jun 2018 09:12:55 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)

Ping!  :-)

address@hidden (Ludovic Courtès) skribis:

> Pierre Neidhardt <address@hidden> skribis:
>
>> The relevant issues:
>>
>> - https://github.com/upx/upx/issues/146
>> - https://github.com/upx/upx/pull/190
>
> Hmm I see that:
>
>   https://github.com/upx/upx/issues/128
>   corresponds to:
>   https://nvd.nist.gov/vuln/detail?vulnId=CVE%2D%32%30%31%37%2D%31%35%30%35%36
>
> and:
>
>   https://nvd.nist.gov/vuln/detail?vulnId=CVE%2D%32%30%31%37%2D%31%36%38%36%39
>   corresponds to:
>   https://github.com/upx/upx/issues/146
>
> The latter (CVE-2017-16869) is marked as “disputed” above, and I would
> agree with the arguments of the UPX maintainers.
>
> The authors did not react to the former (CVE-2017-15056, crash when
> reading ELF files), other than by fixing it, but it does look similar in
> spirit.
>
> What about adding a patch for CVE-2017-15056 since it would at least fix
> a concrete bug?
>
> CVE-2017-16869 is also a bug but it concerns Mach-O files, which are
> much less of a concern for our users I suppose.  Patching it wouldn’t
> hurt either, but you could also add a ‘lint-hidden-cve’ property for
> CVE-2017-16869 with a comment.
>
> TIA,
> Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#31487] [PATCH] gnu: Add upx., Ludovic Courtès <=
- [bug#31487] [PATCH] gnu: Add upx., Pierre Neidhardt, 2018/06/16
  - [bug#31487] [PATCH] gnu: Add upx., Pierre Neidhardt, 2018/06/16

Prev by Date: [bug#31416] [PATCH 3/4] bootloader: Add make-u-boot-bootloader.
Next by Date: bug#31799: Use git-version.
Previous by thread: [bug#31416] [PATCH 3/4] bootloader: Add make-u-boot-bootloader.
Next by thread: [bug#31487] [PATCH] gnu: Add upx.
Index(es):
- Date
- Thread