summaryrefslogtreecommitdiff
path: root/gnu/packages/compression.scm
diff options
context:
space:
mode:
Diffstat (limited to 'gnu/packages/compression.scm')
-rw-r--r--gnu/packages/compression.scm8
1 files changed, 7 insertions, 1 deletions
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 8f062049a6..9cb0917dae 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -2209,7 +2209,8 @@ decompression is a little bit slower.")
version "/" name "-" version "-src.tar.xz"))
(sha256
(base32
- "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1"))))
+ "08anybdliqsbsl6x835iwzljahnm9i7v26icdjkcv33xmk6p5vw1"))
+ (patches (search-patches "upx-fix-CVE-2017-15056.patch"))))
(build-system gnu-build-system)
(native-inputs `(("perl" ,perl)
("ucl" ,ucl)))
@@ -2241,6 +2242,11 @@ decompression is a little bit slower.")
#t))
)))
(home-page "https://upx.github.io/")
+ ;; CVE-2017-16869 is about Mach-O files which is not of a big concern for Guix.
+ ;; See https://github.com/upx/upx/issues/146 and
+ ;; https://nvd.nist.gov/vuln/detail?vulnId=CVE-2017-16869.
+ ;; The issue will be fixed after version 3.94.
+ (properties `((lint-hidden-cve . ("CVE-2017-16869"))))
(synopsis "Compression tool for executables")
(description
"The Ultimate Packer for eXecutables (UPX) is an executable file
generated by cgit v1.2.3 (git 2.46.2) at 2024-11-11 00:13:03 +0000