From bac4d8bb59a2334696f3e485991130e1c33dc48a Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 2 Jun 2020 19:02:30 +0200 Subject: Add CVE-2019-20805/upx-ucl --- data/CVE/2019.list | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 43805b620c..00b6072675 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -19,7 +19,9 @@ CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/2e7682ebfc750177a4944eeb56e97a3f05734528 CVE-2019-20805 (p_lx_elf.cpp in UPX before 3.96 has an integer overflow during unpacki ...) - TODO: check + - upx-ucl 3.96-1 (unimportant) + NOTE: https://github.com/upx/upx/commit/8be9da8280dfa69d5df4417d4d81bda1cab78010 + NOTE: https://github.com/upx/upx/issues/317 CVE-2019-20804 (Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/th ...) NOT-FOR-US: Gila CMS CVE-2019-20803 (Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcat ...) -- cgit v1.2.3
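Review bot: The added "- upx-ucl 3.96-1 (unimportant)" line in the data/CVE/2019.list hunk sets a severity tag with no stated rationale; the two NOTE lines that follow only link the upstream commit and issue 317. Consider adding a further NOTE line saying why the integer overflow in p_lx_elf.cpp during unpacking is classed as unimportant for upx-ucl, so the triage decision can be checked from the list entry itself without opening the upstream issue. The fixed version 3.96-1 is consistent with the "before 3.96" wording in the CVE description, so no change is needed there.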