[Git][security-tracker-team/security-tracker][master] 4 commits: Update CVE-2018-19216/nasm and mark it as no-dsa

Salvatore Bonaccorso carnil at debian.org
Sun Nov 18 08:25:58 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
92803ad4 by Salvatore Bonaccorso at 2018-11-18T08:21:57Z
Update CVE-2018-19216/nasm and mark it as no-dsa

As untriaged if the use after free could be leveraged other than
crashing the CLI tool, mark it as no-dsa

- - - - -
3d355ab2 by Salvatore Bonaccorso at 2018-11-18T08:22:33Z
Fix note for CVE-2018-10016/nasm

- - - - -
a5c8d6f9 by Salvatore Bonaccorso at 2018-11-18T08:25:00Z
CVE-2018-10016/nasm fixed in unstable via new upstream version

- - - - -
17556c7f by Salvatore Bonaccorso at 2018-11-18T08:25:30Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -576,11 +576,12 @@ CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the funct
 	- ncurses <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
 CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken ...)
-	- nasm 2.13.02-0.1 (unimportant)
+	- nasm 2.13.02-0.1
+	[stretch] - nasm <no-dsa> (Minor issue)
+	[jessie] - nasm <ignored> (Minor issue)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
 	NOTE: Fix: https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
 	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115758#c7
-	NOTE: NOTE: No security impact, crash in CLI tool
 CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
 	- nasm <unfixed> (unimportant)
 	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
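Review bot: In the CVE-2018-19216 entry, the removed "No security impact, crash in CLI tool" NOTE was the only triage rationale recorded in the file, and nothing replaces it. The commit message says it is untriaged whether the use-after-free can be leveraged beyond crashing the CLI tool; a NOTE saying so would explain why "(unimportant)" was dropped from the "- nasm 2.13.02-0.1" line. The new per-release lines also differ in state ("[stretch] - nasm <no-dsa>" versus "[jessie] - nasm <ignored>") while both give the same "Minor issue" reason. If the difference is intentional, a more specific reason on the jessie line would make that clear to later readers.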
@@ -24272,11 +24273,11 @@ CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt
 	[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3
 	NOTE: https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76
 CVE-2018-10016 (Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability ...)
-	- nasm <unfixed> (bug #895408)
+	- nasm 2.14-1 (bug #895408)
 	[stretch] - nasm <no-dsa> (Minor issue)
 	[jessie] - nasm <no-dsa> (Minor issue)
 	[wheezy] - nasm <no-dsa> (Minor issue)
-	NOTE: ttps://bugzilla.nasm.us/show_bug.cgi?id=3392473
+	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392473
 CVE-2018-10015
 	RESERVED
 CVE-2018-10014
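Review bot: The CVE-2018-10016 entry now records "- nasm 2.14-1" as the fixed version but has no "NOTE: Fix:" line pointing at the upstream change, unlike the CVE-2018-19216 entry earlier in this file, which links its fixing commit. Adding the upstream commit reference alongside the corrected bugzilla.nasm.us NOTE would let someone verify that 2.14-1 actually contains the division-by-zero fix and would help with any later backport to the releases still marked <no-dsa>.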



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ee6b61a7f7c28b4efa359df2b5bb915171cf149d...17556c7fe2e956190ea850925a706058b8adcde5
