[Secure-testing-commits] r58840 - data/CVE

Raphaël Hertzog hertzog at moszumanska.debian.org
Fri Dec 22 12:02:23 UTC 2017 

Author: hertzog
Date: 2017-12-22 12:02:23 +0000 (Fri, 22 Dec 2017)
New Revision: 58840

Modified:
   data/CVE/list
Log:
All nasm issues are fixed in the last upstream release

The 2.14rc0 release tested by the researcher is a tag roughly matching
the state of 2.13, lacking fixes made later in the nasm-2.13.xx branch
but including a few changes from the "elf" branch that have been merged
in the master branch too.

There's a slight chance that the commits from the elf branch are
responsible for some of the issues reported and closed with ?\194?\171 No longer
triggers with upcoming 2.13.02 (will be released soon) ?\194?\187, thus I mailed
Cyrill Gorcunov <gorcunov at gmail.com> to double check this with him.

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-12-22 11:51:50 UTC (rev 58839)
+++ data/CVE/list	2017-12-22 12:02:23 UTC (rev 58840)
@@ -30,50 +30,50 @@
 CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...)
 	TODO: check
 CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392433
 	TODO: check
 CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435
 	NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af
 	TODO: check
 CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392428
 	TODO: check
 CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392427
 	TODO: check
 CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392426
 	TODO: check
 CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436
 	TODO: check
 CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392430
 	TODO: check
 CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392429
 	TODO: check
 CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424
 	TODO: check
 CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392432
 	TODO: check
 CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown ...)
-	- nasm <unfixed>
+	- nasm 2.13.02-0.1
 	NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431
 	TODO: check

More information about the Secure-testing-commits mailing list