[Git][security-tracker-team/security-tracker][master] 4 commits: Update CVE-2018-19216/nasm and mark it as no-dsa

Sun, 18 Nov 2018 00:26:10 -0800 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
92803ad4 by Salvatore Bonaccorso at 2018-11-18T08:21:57Z
Update CVE-2018-19216/nasm and mark it as no-dsa

As untriaged if the use after free could be leveraged other than
crashing the CLI tool, mark it as no-dsa

- - - - -
3d355ab2 by Salvatore Bonaccorso at 2018-11-18T08:22:33Z
Fix note for CVE-2018-10016/nasm

- - - - -
a5c8d6f9 by Salvatore Bonaccorso at 2018-11-18T08:25:00Z
CVE-2018-10016/nasm fixed in unstable via new upstrem version

- - - - -
17556c7f by Salvatore Bonaccorso at 2018-11-18T08:25:30Z
Merge remote-tracking branch 'origin/master'

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -576,11 +576,12 @@ CVE-2018-19217 (In ncurses 6.1, there is a NULL pointer 
dereference at the funct
        - ncurses <undetermined>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643753
 CVE-2018-19216 (Netwide Assembler (NASM) before 2.13.02 has a use-after-free 
in detoken ...)
-       - nasm 2.13.02-0.1 (unimportant)
+       - nasm 2.13.02-0.1
+       [stretch] - nasm <no-dsa> (Minor issue)
+       [jessie] - nasm <ignored> (Minor issue)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392425
        NOTE: Fix: 
https://repo.or.cz/nasm.git/commitdiff/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9
        NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1115758#c7
-       NOTE: NOTE: No security impact, crash in CLI tool
 CVE-2018-19215 (Netwide Assembler (NASM) 2.14rc16 has a heap-based buffer 
over-read in ...)
        - nasm <unfixed> (unimportant)
        NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392525
@@ -24272,11 +24273,11 @@ CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 
1.27.07.00 and libopenmpt
        [stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u3
        NOTE: 
https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76
 CVE-2018-10016 (Netwide Assembler (NASM) 2.14rc0 has a division-by-zero 
vulnerability ...)
-       - nasm <unfixed> (bug #895408)
+       - nasm 2.14-1 (bug #895408)
        [stretch] - nasm <no-dsa> (Minor issue)
        [jessie] - nasm <no-dsa> (Minor issue)
        [wheezy] - nasm <no-dsa> (Minor issue)
-       NOTE: ttps://bugzilla.nasm.us/show_bug.cgi?id=3392473
+       NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392473
 CVE-2018-10015
        RESERVED
 CVE-2018-10014



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ee6b61a7f7c28b4efa359df2b5bb915171cf149d...17556c7fe2e956190ea850925a706058b8adcde5

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/compare/ee6b61a7f7c28b4efa359df2b5bb915171cf149d...17556c7fe2e956190ea850925a706058b8adcde5
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to