Debian Bug report logs -
#867988
CVE-2017-11111 CVE-2017-10686
Reported by: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 10 Jul 2017 21:24:02 UTC
Severity: grave
Tags: security, upstream
Fixed in version nasm/2.13.02-0.1
Done: Matthias Klose <doko@debian.org>
Reply or subscribe to this bug.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#867988; Package nasm.
(Mon, 10 Jul 2017 21:24:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Anibal Monsalve Salazar <anibal@debian.org>.
(Mon, 10 Jul 2017 21:24:04 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: nasm
Severity: grave
Tags: security
Please see
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11111
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10686
Cheers,
Moritz
Added tag(s) upstream.
Request was from Salvatore Bonaccorso <carnil@debian.org>
to control@bugs.debian.org.
(Thu, 13 Jul 2017 19:54:05 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#867988; Package nasm.
(Thu, 21 Sep 2017 00:15:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Michał Mirosław <mirq-deboogs@rere.qmqm.pl>:
Extra info received and forwarded to list. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>.
(Thu, 21 Sep 2017 00:15:03 GMT) (full text, mbox, link).
Message #12 received at 867988@bugs.debian.org (full text, mbox, reply):
These seem to be fixed in upstream:
https://bugzilla.nasm.us/show_bug.cgi?id=3392414
https://bugzilla.nasm.us/show_bug.cgi?id=3392415
Best Regards,
Michał Mirosław
Reply sent
to Matthias Klose <doko@debian.org>:
You have taken responsibility.
(Tue, 05 Dec 2017 08:54:04 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer.
(Tue, 05 Dec 2017 08:54:04 GMT) (full text, mbox, link).
Message #17 received at 867988-close@bugs.debian.org (full text, mbox, reply):
Source: nasm
Source-Version: 2.13.02-0.1
We believe that the bug you reported is fixed in the latest version of
nasm, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 867988@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Matthias Klose <doko@debian.org> (supplier of updated nasm package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 05 Dec 2017 08:31:54 +0100
Source: nasm
Binary: nasm
Architecture: source
Version: 2.13.02-0.1
Distribution: unstable
Urgency: medium
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Matthias Klose <doko@debian.org>
Description:
nasm - General-purpose x86 assembler
Closes: 867988 874731
Changes:
nasm (2.13.02-0.1) unstable; urgency=medium
.
* Non-maintainer upload.
* New upstream version.
- Addresses CVE-2017-14228. Closes: #874731.
- Addresses CVE-2017-11111 CVE-2017-10686. Closes: #867988.
* Bump standards version.
Checksums-Sha1:
f4c739174ead7dd74c81121b657e0449525f1e2a 1889 nasm_2.13.02-0.1.dsc
9f2e5f95d7966fe609c7c20771d64254ee77204e 805744 nasm_2.13.02.orig.tar.xz
bafebb8aef2353c4ff40bcc321ddd21c45ebf14b 16412 nasm_2.13.02-0.1.debian.tar.xz
80b1fd28e1d64952e9eb8bf04a4743daacde5546 6668 nasm_2.13.02-0.1_source.buildinfo
Checksums-Sha256:
41b9318393add53b3c72d77105f4c5111c7d89fbf3de1100a7a110e299fa2042 1889 nasm_2.13.02-0.1.dsc
8ac3235f49a6838ff7a8d7ef7c19a4430d0deecc0c2d3e3e237b5e9f53291757 805744 nasm_2.13.02.orig.tar.xz
0c11c4441ee505b7cbb701a1be9e7f5d8d59d0bc3058a3a9f7f7bda79ed5f8b0 16412 nasm_2.13.02-0.1.debian.tar.xz
6b39841e8b4c821b171b10d1561741a045c04e3e74026206b40be4e99c4c00bf 6668 nasm_2.13.02-0.1_source.buildinfo
Files:
9f18480e65969302269bc19ec964313b 1889 devel optional nasm_2.13.02-0.1.dsc
abb79a82fa30908217e30f76eca8a557 805744 devel optional nasm_2.13.02.orig.tar.xz
e8927f31783e97a318275c4cc973ae11 16412 devel optional nasm_2.13.02-0.1.debian.tar.xz
f699585efd109bb5d192c19a573ee80b 6668 devel optional nasm_2.13.02-0.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE1WVxuIqLuvFAv2PWvX6qYHePpvUFAlomT9EQHGRva29AZGVi
aWFuLm9yZwAKCRC9fqpgd4+m9eKGD/oCas0Axp6Bn8kRSblVaAjwuKpyJJ0mNDDK
jo9MlYRhVMBB3BfvPIi32Fs05fmctxLIzUOQduW/mLi0vIu4ZE1N52iR6VG2Eqqv
jHrkOlsu4244p7TO1gjUNhSmA24a8PseFhsxKMSfutQAi1hLlHONGm6Lg33NFlb8
knQeAh47zaTzsiIYaj4AxaJdO5mZ59vnvislHgjo26Mf9ULt0oWRnUX8DIr9K1gY
hM8nqpVG/kMAgooTpEXbIBLGHzl6XpitEBYAeqwX/u0p5hk/KCCTktsXntkYAaNW
HUIGwY50xlsc27klsNQdcL1+Y6s7LQO8xSM2QcxUgkKiVmfWopbzGgOMlm4BLO6h
an/9oXUq0Nk9l0EIeAlGViKxhhakVUZvQw0wOhRU65QAxd/MBpima+1yYgZGPWP1
9ldpXaROYibT1oIXMdTPt1u5f08ZLoUk2D4vIlLQhekshh9DLLSsWx4Uh6mMMZib
jOSn9da2Rv2iIUppFF6Afph5B5Vn4Y/0vQtR8FkJz2UtyoI8YDs8A1opTDJAKO14
9RkcnnGVPBzQZD37ZxBSBHGn10xawb5f/taSgKxXXkbdnP8lOunr0nkTE3GdVJtM
6Zm8X6/K7BIQ9B3zk6jxYrbjbN7y0lbxAL8wV2yCGEQeJcnmKyZrB8NJa2BQaJJw
RUDUSFBHPw==
=UZhE
-----END PGP SIGNATURE-----
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 17:07:31 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon