[Git][security-tracker-team/security-tracker][master] Add new upx-ucl issues

[Salvatore Bonaccorso (@carnil)]

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
0494c337 by Salvatore Bonaccorso at 2023-04-10T21:34:15+02:00
Add new upx-ucl issues

Note for reviewers, the actuall unfixed status and the assessment on
severity needs still to be done.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -114222,19 +114222,33 @@ CVE-2021-43319 (Zoho ManageEngine Network Configuration Manager before 125488 is
 CVE-2021-43318
 	RESERVED
 CVE-2021-43317 (A heap-based buffer overflows was discovered in upx, during the generi ...)
-	TODO: check
+	- upx-ucl <unfixed>
+	NOTE: https://github.com/upx/upx/issues/380
+	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
 CVE-2021-43316 (A heap-based buffer overflow was discovered in upx, during the generic ...)
-	TODO: check
+	- upx-ucl <unfixed>
+	NOTE: https://github.com/upx/upx/issues/381
+	NOTE: https://github.com/upx/upx/commit/962c35aa08ef3dcee13d3f7ef6e2d845da912f25
 CVE-2021-43315 (A heap-based buffer overflows was discovered in upx, during the generi ...)
-	TODO: check
+	- upx-ucl <unfixed>
+	NOTE: https://github.com/upx/upx/issues/380
+	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
 CVE-2021-43314 (A heap-based buffer overflows was discovered in upx, during the generi ...)
-	TODO: check
+	- upx-ucl <unfixed>
+	NOTE: https://github.com/upx/upx/issues/380
+	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
 CVE-2021-43313 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
-	TODO: check
+	- upx-ucl <unfixed>
+	NOTE: https://github.com/upx/upx/issues/378
+	NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
 CVE-2021-43312 (A heap-based buffer overflow was discovered in upx, during the variabl ...)
-	TODO: check
+	- upx-ucl <unfixed>
+	NOTE: https://github.com/upx/upx/issues/379
+	NOTE: https://github.com/upx/upx/commit/828a6cf07b69bc7314e888d7b76f0eafe125a3f6
 CVE-2021-43311 (A heap-based buffer overflow was discovered in upx, during the generic ...)
-	TODO: check
+	- upx-ucl <unfixed>
+	NOTE: https://github.com/upx/upx/issues/380
+	NOTE: https://github.com/upx/upx/commit/b327645e648d46c8730be80730a171cf74cfe338
 CVE-2021-43310 (A vulnerability in Keylime before 6.3.0 allows an attacker to craft a  ...)
 	NOT-FOR-US: Keylime
 CVE-2021-43309 (An exponential ReDoS (Regular Expression Denial of Service) can be tri ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0494c337d0a244aa1334cedf5e9856760973cc67

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/0494c337d0a244aa1334cedf5e9856760973cc67
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230410/7408a4de/attachment.htm>