[Git][security-tracker-team/security-tracker][master] 4 commits: Update CVE-2018-19216/nasm and mark it as no-dsa
Salvatore Bonaccorso
carnil at debian.org
Sun Nov 18 08:25:58 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
92803ad4 by Salvatore Bonaccorso at 2018-11-18T08:21:57Z
Update CVE-2018-19216/nasm and mark it as no-dsa
As untriaged if the use after free could be leveraged other than
crashing the CLI tool, mark it as no-dsa
- - - - -
3d355ab2 by Salvatore Bonaccorso at 2018-11-18T08:22:33Z
Fix note for CVE-2018-10016/nasm
- - - - -
a5c8d6f9 by Salvatore Bonaccorso at 2018-11-18T08:25:00Z
CVE-2018-10016/nasm fixed in unstable via new upstrem version
- - - - -
17556c7f by Salvatore Bonaccorso at 2018-11-18T08:25:30Z
Merge remote-tracking branch 'origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -576,11 +576,12 @@ CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer dereference at the funct
- ncurses <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free in detoken ...)
- - nasm 2.13.02-0.1 (unimportant)
+ - nasm 2.13.02-0.1
+ [stretch] - nasm <no-dsa> (Minor issue)
+ [jessie] - nasm <ignored> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
NOTE: Fix: https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115758#c7
- NOTE: NOTE: No security impact, crash in CLI tool
CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer over-read in ...)
- nasm <unfixed> (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
@@ -24272,11 +24273,11 @@ CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt
[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3
NOTE: https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76
CVE-2018-10016 (Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability ...)
- - nasm <unfixed> (bug #895408)
+ - nasm 2.14-1 (bug #895408)
[stretch] - nasm <no-dsa> (Minor issue)
[jessie] - nasm <no-dsa> (Minor issue)
[wheezy] - nasm <no-dsa> (Minor issue)
- NOTE: ttps://bugzilla.nasm.us/show_bug.cgi?id=3392473
+ NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392473
CVE-2018-10015
RESERVED
CVE-2018-10014
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ee6b61a7f7c28b4efa359df2b5bb915171cf149d...17556c7fe2e956190ea850925a706058b8adcde5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/ee6b61a7f7c28b4efa359df2b5bb915171cf149d...17556c7fe2e956190ea850925a706058b8adcde5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181118/ca8281c9/attachment.html>
More information about the debian-security-tracker-commits
mailing list