[Git][security-tracker-team/security-tracker][master] Add new upx-ucl issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
267d5684 by Salvatore Bonaccorso at 2022-08-27T08:46:16+02:00
Add new upx-ucl issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -131627,19 +131627,33 @@ CVE-2020-27804
 CVE-2020-27803
 	RESERVED
 CVE-2020-27802 (An floating point exception was discovered in the elf_lookup function  ...)
-	TODO: check
+	- upx-ucl <unfixed> (unimportant)
+	NOTE: https://github.com/upx/upx/issues/393
+	NOTE: https://github.com/upx/upx/commit/8d1d605b3d8c49bdfe9376454f0196738bed8166
 CVE-2020-27801 (A heap-based buffer over-read was discovered in the get_le64 function  ...)
-	TODO: check
+	- upx-ucl <unfixed> (unimportant)
+	NOTE: https://github.com/upx/upx/issues/394
+	NOTE: https://github.com/upx/upx/commit/49edccd7165696dcc0bf79f50cae4011313ddd28
 CVE-2020-27800 (A heap-based buffer over-read was discovered in the get_le32 function  ...)
-	TODO: check
+	- upx-ucl <unfixed> (unimportant)
+	NOTE: https://github.com/upx/upx/issues/395
+	NOTE: https://github.com/upx/upx/commit/76cd518110a9e7597363012ff4e31bcd526a081e
 CVE-2020-27799 (A heap-based buffer over-read was discovered in the acc_ua_get_be32 fu ...)
-	TODO: check
+	- upx-ucl <unfixed> (unimportant)
+	NOTE: https://github.com/upx/upx/issues/391
+	NOTE: https://github.com/upx/upx/commit/8764fdc24c31c21dc43b2a2f99eb8c48a34e5e9c
 CVE-2020-27798 (An invalid memory address reference was discovered in the adjABS funct ...)
-	TODO: check
+	- upx-ucl <unfixed> (unimportant)
+	NOTE: https://github.com/upx/upx/issues/396
+	NOTE: https://github.com/upx/upx/commit/624eb22d743db206f689a411a2272080b0d7f94f
 CVE-2020-27797 (An invalid memory address reference was discovered in the elf_lookup f ...)
-	TODO: check
+	- upx-ucl <unfixed> (unimportant)
+	NOTE: https://github.com/upx/upx/issues/390
+	NOTE: https://github.com/upx/upx/commit/7d093174597483053e95f07d9f4614024c09890e
 CVE-2020-27796 (A heap-based buffer over-read was discovered in the invert_pt_dynamic  ...)
-	TODO: check
+	- upx-ucl <unfixed> (unimportant)
+	NOTE: https://github.com/upx/upx/issues/392
+	NOTE: https://github.com/upx/upx/commit/7d093174597483053e95f07d9f4614024c09890e
 CVE-2020-27795 (A segmentation fault was discovered in radare2 with adf command. In li ...)
 	- radare2 5.0.0+dfsg-1
 	NOTE: https://github.com/radareorg/radare2/commit/4d3811681a80f92a53e795f6a64c4b0fc2c8dd22 (4.4.0)
@@ -131670,7 +131684,7 @@ CVE-2020-27788 (An out-of-bounds read access vulnerability was discovered in UPX
 	NOTE: https://github.com/upx/upx/issues/332
 	NOTE: https://github.com/upx/upx/commit/1bb93d4fce9f1d764ba57bf5ac154af515b3fc83 (v3.96)
 CVE-2020-27787 (A Segmentaation fault was found in UPX in invert_pt_dynamic() function ...)
-	- upx-ucl 3.96-1
+	- upx-ucl 3.96-1 (unimportant)
 	NOTE: https://github.com/upx/upx/issues/333
 	NOTE: https://github.com/upx/upx/commit/e2f60adc95334f47e286838dac33160819c5d74d (v3.96)
 CVE-2020-27786 (A flaw was found in the Linux kernel’s implementation of MIDI, w ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/267d5684b7fbcc74b9dfb12d49aef75afa77c921

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/267d5684b7fbcc74b9dfb12d49aef75afa77c921
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220827/a9ecf88b/attachment.htm>