[Git][security-tracker-team/security-tracker][master] yasm fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed Apr 30 09:46:42 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
6d516570 by Moritz Mühlenhoff at 2025-04-30T10:46:11+02:00
yasm fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -180309,12 +180309,12 @@ CVE-2023-29580 (yasm 1.3.0.55.g101bc was discovered to contain a segmentation vi
 	NOTE: https://github.com/yasm/yasm/issues/215
 	NOTE: Crash in CLI tool, no security impact
 CVE-2023-29579 (yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via th ...)
-	- yasm <unfixed> (bug #1035951)
-	[trixie] - yasm <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - yasm <postponed> (Minor issue, revisit when fixed upstream)
+	- yasm 1.3.0-7 (bug #1035951)
+	[bookworm] - yasm <no-dsa> (Minor issue)
 	[bullseye] - yasm <no-dsa> (Minor issue)
 	[buster] - yasm <no-dsa> (Minor issue)
 	NOTE: https://github.com/yasm/yasm/issues/214
+	NOTE: Not merged upstream, custom patch applied in Debian
 CVE-2023-29578 (mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the  ...)
 	- mp4v2 <removed>
 CVE-2023-29577
@@ -322508,12 +322508,12 @@ CVE-2021-33465 (An issue was discovered in yasm version 1.3.0. There is a NULL p
 	NOTE: https://github.com/yasm/yasm/issues/173
 	NOTE: Crash in CLI tool, no security impact
 CVE-2021-33464 (An issue was discovered in yasm version 1.3.0. There is a heap-buffer- ...)
-	- yasm <unfixed> (bug #1016353)
-	[trixie] - yasm <postponed> (Minor issue, revisit when fixed upstream)
-	[bookworm] - yasm <postponed> (Minor issue, revisit when fixed upstream)
+	- yasm 1.3.0-7 (bug #1016353)
+	[bookworm] - yasm <no-dsa> (Minor issue)
 	[bullseye] - yasm <no-dsa> (Minor issue)
 	[buster] - yasm <no-dsa> (Minor issue)
 	NOTE: https://github.com/yasm/yasm/issues/164
+	NOTE: Not merged upstream, custom patch applied in Debian
 CVE-2021-33463 (An issue was discovered in yasm version 1.3.0. There is a NULL pointer ...)
 	- yasm <unfixed> (unimportant)
 	NOTE: https://github.com/yasm/yasm/issues/174



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d5165706599860579d96e306b5b054c11c27b48

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6d5165706599860579d96e306b5b054c11c27b48
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250430/f747fac9/attachment.htm>

More information about the debian-security-tracker-commits mailing list