[Git][security-tracker-team/security-tracker][master] Add CVE-2018-19216/nasm

Salvatore Bonaccorso carnil at debian.org
Mon Nov 12 21:03:10 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
21371414 by Salvatore Bonaccorso at 2018-11-12T21:01:10Z
Add CVE-2018-19216/nasm

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -8,7 +8,10 @@ CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the funct
 	- ncurses <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
 CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken ...)
-	TODO: check
+	- nasm <undetermined>
+	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
+	NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
+	TODO: Something is not correct about this CVE, the upstream bug is 3392425, but commit references 3392525, and the former is really fixed in 2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03.
 CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
 	TODO: check
 CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...)
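Review bot: In the CVE-2018-19216 entry, the added TODO carries the whole analysis on one long line, so the bug-number mismatch (3392425 in the bugzilla NOTE versus 3392525 cited by the commit) is easy to misread as a typo. Consider recording the findings as separate NOTE lines, one saying that bug 3392425 is fixed in 2.13.02 and one saying that 3392525 is unfixed in 2.13.02 and 2.13.03, and keeping only a short TODO that asks which of the two bugs the CVE is meant to cover. The repo.or.cz commit NOTE would also benefit from a remark on which bug number the commit cites, because as written a reader cannot tell whether that commit fixes the issue in the preceding bugzilla NOTE, and the `<undetermined>` status gives no hint either way.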



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2137141456ff5c6b41b17a2ea27b6f3b1217f294
