[Git][security-tracker-team/security-tracker][master] Add new nasm issues
Salvatore Bonaccorso
carnil at debian.org
Mon Nov 12 21:08:02 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
be80e10e by Salvatore Bonaccorso at 2018-11-12T21:07:39Z
Add new nasm issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -13,10 +13,18 @@ CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in
NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
TODO: Something is not correct about this CVE, the upstream bug is 3392425, but commit references 3392525, and the former is really fixed in 2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03.
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
+ - nasm <unfixed>
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
+ NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
TODO: check
CVE-2018-19214 (Netwide Assembler (NASM) 2.14rc15 has a heap-based buffer over-read in ...)
+ - nasm <unfixed>
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392521
+ NOTE: https://repo.or.cz/nasm.git/commit/661f723d39e03ca6eb05d7376a43ca33db478354
TODO: check
CVE-2018-19213 (Netwide Assembler (NASM) through 2.14rc16 has memory leaks that may ...)
+ - nasm <unfixed>
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392524
TODO: check
CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by ...)
TODO: check
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/be80e10ee1843f6c2a3667b3e8678d21df133247
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/be80e10ee1843f6c2a3667b3e8678d21df133247
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181112/90548c39/attachment.html>
More information about the debian-security-tracker-commits
mailing list