Format: 1.8
Date: Thu, 28 Jun 2018 09:15:32 -0400
Source: nasm
Binary: nasm
Architecture: i386
Version: 2.10.09-1ubuntu0.1
Distribution: trusty
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-024.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description: 
 nasm       - General-purpose x86 assembler
Changes: 
 nasm (2.10.09-1ubuntu0.1) trusty-security; urgency=medium
 .
   * SECURITY UPDATE: code execution via heap use-after-free
     - debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
       preproc.c.
     - debian/patches/CVE-2017-10686-2.patch: free token's text if only it
       has been modified in preproc.c.
     - CVE-2017-10686
   * SECURITY UPDATE: heap buffer overflow
     - debian/patches/CVE-2017-11111.patch: only concat tok->text if we
       accounted for its size in preproc.c.
     - CVE-2017-11111
   * SECURITY UPDATE: NULL pointer dereference in paste_tokens
     - debian/patches/CVE-2017-14228.patch: check length in preproc.c.
     - CVE-2017-14228
   * SECURITY UPDATE: DoS via macro calls with wrong number of arguments
     - debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
     - CVE-2017-17810
   * SECURITY UPDATE: DoS via heap over-read
     - debian/patches/CVE-2017-17812.patch: check for data to process in
       preproc.c.
     - CVE-2017-17812
   * SECURITY UPDATE: DoS via missing check
     - debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
       nparam_min in preproc.c.
     - CVE-2017-17815
   * SECURITY UPDATE: DoS via incorrect validation
     - debian/patches/CVE-2017-17819.patch: check for NULL pointer in
       preproc.c.
     - CVE-2017-17819
   * SECURITY UPDATE: heap-based overread
     - debian/patches/CVE-2018-8881.patch: handle unterminated strings in
       preproc.c.
     - CVE-2018-8881
   * The above patches also fix the following CVEs:
     - CVE-2017-17811
     - CVE-2017-17813
     - CVE-2017-17814
     - CVE-2017-17816
     - CVE-2017-17817
     - CVE-2017-17818
     - CVE-2017-17820
Checksums-Sha1: 
 4127b78ed18f62ab4cb6379473dc477f3b338969 1477812 nasm_2.10.09-1ubuntu0.1_i386.deb
 1a2638b0a17ee41fbc6a76c970042af432c84517 382702 nasm-dbgsym_2.10.09-1ubuntu0.1_i386.ddeb
Checksums-Sha256: 
 6fd6e630d6912073b351d5aa8539616ddfd8c4228f164dcd70f671c036b736c9 1477812 nasm_2.10.09-1ubuntu0.1_i386.deb
 1bdd3dc0eaa2f9a711b8905a396b12c1a472f64afe3c4b886415ef168038f799 382702 nasm-dbgsym_2.10.09-1ubuntu0.1_i386.ddeb
Files: 
 f64d96bced15dbddb30f95337faaf18b 1477812 devel optional nasm_2.10.09-1ubuntu0.1_i386.deb
 0cab9698b385bfb6332983a88b60667f 382702 devel extra nasm-dbgsym_2.10.09-1ubuntu0.1_i386.ddeb
Original-Maintainer: Anibal Monsalve Salazar <anibal@debian.org>