[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-19216/nasm
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 18 07:49:56 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd4dd093 by Salvatore Bonaccorso at 2018-11-18T07:47:22Z
Update information for CVE-2018-19216/nasm
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -556,11 +556,11 @@ CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the funct
- ncurses <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken ...)
- - nasm <undetermined>
- [jessie] - nasm <ignored> (Minor issue)
+ - nasm 2.13.02-0.1 (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
- NOTE: https://repo.or.cz/nasm.git/commit/4b5b737d4991578b1918303dc0fd9c9ab5c7ce4f
- TODO: Something is not correct about this CVE, the upstream bug is 3392425, but commit references 3392525, and the former is really fixed in 2.13.02 but the latter is unfixed in 2.13.02 and even 2.13.03.
+ NOTE: Fix: https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
+ NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115758#c7
+ NOTE: NOTE: No security impact, crash in CLI tool
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
- nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd4dd093f73dd1a62471cced96b85cb2a3123ff5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bd4dd093f73dd1a62471cced96b85cb2a3123ff5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181118/16cf8269/attachment.html>
More information about the debian-security-tracker-commits
mailing list