Your message dated Wed, 30 Apr 2025 07:55:02 +0000
with message-id <e1ua2hw-00bs5m...@fasolo.debian.org>
and subject line Bug#1016353: fixed in yasm 1.3.0-7
has caused the Debian Bug report #1016353,
regarding yasm: CVE-2021-33464
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1016353: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016353
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: yasm
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for yasm.
CVE-2021-33464[0]:
| An issue was discovered in yasm version 1.3.0. There is a heap-buffer-
| overflow in inc_fopen() in modules/preprocs/nasm/nasm-pp.c.
https://github.com/yasm/yasm/issues/164
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2021-33464
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33464
Please adjust the affected versions in the BTS as needed.
--- End Message ---
--- Begin Message ---
Source: yasm
Source-Version: 1.3.0-7
Done: Petter Reinholdtsen <p...@debian.org>
We believe that the bug you reported is fixed in the latest version of
yasm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1016...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Petter Reinholdtsen <p...@debian.org> (supplier of updated yasm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 30 Apr 2025 07:59:59 +0200
Source: yasm
Architecture: source
Version: 1.3.0-7
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Petter Reinholdtsen <p...@debian.org>
Closes: 1016353 1035951
Changes:
yasm (1.3.0-7) unstable; urgency=medium
.
* QA upload.
.
* Added 1000-x86-dir-cpu-CVE-2023-29579.patch to solve crash bug
(Closes: #1035951).
* Added 1010-nasm-pp-no-env-CVE-2021-33464.patch to solve crash bug
(Closes: #1016353).
Checksums-Sha1:
867253b51235b03b40a130b0b6c44dacf4ad72b8 1818 yasm_1.3.0-7.dsc
eb2aa1a46eded3716498e01009d16ad72859fa88 10096 yasm_1.3.0-7.debian.tar.xz
8315755a081a845ef42126316acd9207716f3e3f 7033 yasm_1.3.0-7_source.buildinfo
Checksums-Sha256:
67087c7aabaa687df149dd9bde4e1096893783847f74fbe8b136bee8d270301f 1818
yasm_1.3.0-7.dsc
056bd3863d3ce10a29ff4daaa465683d2486ea89e71d3f18dbe586227b9df2e0 10096
yasm_1.3.0-7.debian.tar.xz
9fd46c2c23d9df3a2dd45aec9fe36535cb375df503d170f355bb7057a50892e0 7033
yasm_1.3.0-7_source.buildinfo
Files:
6f8ba158b9352ae0003b0265f1d12108 1818 devel optional yasm_1.3.0-7.dsc
93004dce509ddb590cd404f657361a5e 10096 devel optional
yasm_1.3.0-7.debian.tar.xz
168b50f1b31542a580b08d4adc2230a1 7033 devel optional
yasm_1.3.0-7_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAmgRvOEACgkQgSgKoIe6
+w7/vA/+MyPQWDERnbqRBx936iTD7NYKrdoVRG1pDbRm8RtFa6LPWma9Va74xB9Q
ehgJcd0YH3omnpq7z2xMJGw6bud2RPHUSesbxVPiogHMXGrtxadqj5sTzEHoPfeg
CXF3gKP5vca4nc8n1R/L2vU1/dSsriH105X5+WsKPg/ci/qkbcgNBLQG+RUy5crO
L4wIChl9tM9plXInxvCIMmbmMGFt8LGXhoLmqAVp2h+g1kbZwLDuKQVbrCIdLl0i
vMHu6efbkR71C+Rd3NXTCkYVUadS+7cFc1g/ANIN1i/MpuMMhCu/ajh92SjWKmNG
WHb+LoA7l0ayAunj3S462fck41b7yF5uyEKzLM45/wI6G8KKn+pDnUjc/ksc4FOb
LGOjp8dmZuiAGC7dpirXrKga4lIWJ145CjCf7S9JqesZZztTpYOgMuGp1Fea0PCy
RCfUmGEVbrEwTtbkDTR4VKoRb6w6DQgILX8owNhNyDTv4AG4KQxX/62YtfepQIR8
lDoPaGNfqt/AgUJjVwUwiU0N4I7cFqUbrskTpoUOn+VKYJ/1ZAWugQ8Arz53AsTv
l+V2zxz3lSeY/23O7MrmDB6gbQp3JGPwMy9F7M7r6oAKyjH3mFX6Ut+gnl6SxyDg
ArI6olsDnPDYsPrIOmr9H92iIGXw5ZUVoGPpG5rcBVnEJ12wdkQ=
=o623
-----END PGP SIGNATURE-----
pgprXZUslOAw7.pgp
Description: PGP signature
--- End Message ---
