02befac8f9
Fix CVE-2023-23456: A heap-based buffer overflow issue was discovered in UPX in PackTmt::pack() in p_tmt.cpp file. The flow allows an attacker to cause a denial of service (abort) via a crafted file. Fix CVE-2023-23457: A Segmentation fault was found in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. An attacker with a crafted input file allows invalid memory address access that could lead to a denial of service. https://github.com/upx/upx/blob/v4.0.2/NEWS Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
4 lines
197 B
Plaintext
4 lines
197 B
Plaintext
# Locally computed:
|
|
sha256 1221e725b1a89e06739df27fae394d6bc88aedbe12f137c630ec772522cbc76f upx-4.0.2-src.tar.xz
|
|
sha256 8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643 COPYING
|