Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bd4dd093 by Salvatore Bonaccorso at 2018-11-18T07:47:22Z
Update information for CVE-2018-19216/nasm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -556,11 +556,11 @@ CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer
dereference at the funct
- ncurses <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free
in detoken ...)
- - nasm <undetermined>
- [jessie] - nasm <ignored> (Minor issue)
+ - nasm 2.13.02-0.1 (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
- NOTE:
https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
- TODO: Something is not correct about this CVE, the upstream bug is
3392425, but commit references 3392525, and the former is really fixed in
2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03.
+ NOTE: Fix:
https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
+ NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115758#c7
+ NOTE: NOTE: No security impact, crash in CLI tool
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer
over-read in ...)
- nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd4dd093f73dd1a62471cced96b85cb2a3123ff5
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd4dd093f73dd1a62471cced96b85cb2a3123ff5
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
