Back to nasm PTS page

Accepted nasm 2.10.01-1+deb7u1 (source amd64) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 26 Jul 2016 19:03:02 +0200
Source: nasm
Binary: nasm
Architecture: source amd64
Version: 2.10.01-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 nasm       - General-purpose x86 assembler
Changes:
 nasm (2.10.01-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the Wheezy LTS Team.
   * CVE-2017-10686
     In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use
     after free vulnerabilities in the tool nasm. The related heap is
     allocated in the token() function and freed in the detoken()
     function (called by pp_getline()) - it is used again at multiple
     positions later that could cause multiple damages. For example,
     it causes a corrupted double-linked list in detoken(), a double
     free or corruption in delete_Token(), and an out-of-bounds write
     in detoken(). It has a high possibility to lead to a remote code
     execution attack.
   * CVE-2017-11111
     In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote
     attackers to cause a denial of service (heap-based buffer
     overflow and application crash) or possibly have unspecified
     other impact via a crafted file.
Checksums-Sha1:
 5e2c823a59292b23e0f51bc797aef1fcbee3235a 1925 nasm_2.10.01-1+deb7u1.dsc
 00c332384bc7b15cba72e4438b471e91f757ac3b 813979 nasm_2.10.01.orig.tar.bz2
 8035527eec90be5c8ee6d2a7cc796d866dbfd681 16110 nasm_2.10.01-1+deb7u1.debian.tar.bz2
 c0a24beea69092f5960886d7f6d2c8a2b431c5fa 1486656 nasm_2.10.01-1+deb7u1_amd64.deb
Checksums-Sha256:
 096c1ed946a12b0d603d815cda7bd1f054cf79acaf9f0168f93db769beb39824 1925 nasm_2.10.01-1+deb7u1.dsc
 ac9b37d265c35492ab1bc29dd5a4f3da11b42dd9fea7a31d95f6cb4c812bda84 813979 nasm_2.10.01.orig.tar.bz2
 c6e669f07b56b31cdf85760769f2bc68416b699f042327b58fa567e3b396a11e 16110 nasm_2.10.01-1+deb7u1.debian.tar.bz2
 84006f38243a7a3a560a1343ba1ba0c7c26091c7a6f8d87a8e6da9c058049d5c 1486656 nasm_2.10.01-1+deb7u1_amd64.deb
Files:
 1bffb7cba366eee942edfd4d44ae3023 1925 devel optional nasm_2.10.01-1+deb7u1.dsc
 2e02cb6e90f52950eaaa8cce7a9f2327 813979 devel optional nasm_2.10.01.orig.tar.bz2
 707dd28e1b30bee35d7a4816ff95ab94 16110 devel optional nasm_2.10.01-1+deb7u1.debian.tar.bz2
 894aefa4e124b59030a72294c970730a 1486656 devel optional nasm_2.10.01-1+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAll7fUtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR/DpEACZGMbOdVnKF5ddlr4IwJ4VinJGW43r
SO9nSgVBDFaJw/Tx54E/4ZE+TorF/wt5ORC+oGLK1l1mYNm/tsJbhwRZ2J0PSc5J
3YeKWCrKHhvm71XUmhVw2yMhQCqdKM9OMwMt0J3pRlu+aC8TeZ43cv1ozcuUkXQZ
dQF7yGWGgWL9V15rdPqHqxfAEg067mwmamBf6CsD2nOlpMwbGfFNgVBLrvbuG4VI
egqKRQYt5ooOdReMcZ67nSO//fGhQ3x5/2/VuheFMzwjtK91MnagSl+Yf6wBul4p
2W4ap46MU7b3yD4PJyxCPg0y5akjwzDgjKN+5TF7t70e+LM/R7PqWCW8nLDsFsp0
xNqZJIAIiD2ejbYvEGyi3fVCQ7IkvcA/9ngDRy7teCoI5YeZm/rGtXRIYQ5VxWFU
j5Q6Lre+KkIEjvYBFRLsnojzhBv5SyVYZUMCFH11hZgKbwc0tDmOaTseXW2S1UPu
8z/pZSbC1XoMzW1dZS8xkIcB7W/gm2zMcYoodKfavtXgwypxSM9bMclM9eXhEZ+s
CUOinGgdGR/xpHNAhmgnt7EYX91kIJ3VHRtB3gjnNuKxVA8AGonxSyHgVkyqOWO2
ZoFi5dMRoQl1NNryGHuX2ib/73pwEBQjTA0dV1cbgbAcRPtrbjrPubp8Fsb5lBt6
UnZnV9pWduyifw==
=R8IG
-----END PGP SIGNATURE-----