Format: 1.8
Date: Thu, 28 Jun 2018 09:11:21 -0400
Source: nasm
Binary: nasm
Architecture: i386
Version: 2.11.08-1ubuntu0.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@lgw01-amd64-014.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 nasm       - General-purpose x86 assembler
Changes:
 nasm (2.11.08-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: code execution via heap use-after-free
     - debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
       preproc.c.
     - debian/patches/CVE-2017-10686-2.patch: free token's text if only it
       has been modified in preproc.c.
     - CVE-2017-10686
   * SECURITY UPDATE: heap buffer overflow
     - debian/patches/CVE-2017-11111.patch: only concat tok->text if we
       accounted for its size in preproc.c.
     - CVE-2017-11111
   * SECURITY UPDATE: NULL pointer dereference in paste_tokens
     - debian/patches/CVE-2017-14228.patch: check length in preproc.c.
     - CVE-2017-14228
   * SECURITY UPDATE: DoS via macro calls with wrong number of arguments
     - debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
     - CVE-2017-17810
   * SECURITY UPDATE: DoS via heap over-read
     - debian/patches/CVE-2017-17812.patch: check for data to process in
       preproc.c.
     - CVE-2017-17812
   * SECURITY UPDATE: DoS via missing check
     - debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
       nparam_min in preproc.c.
     - CVE-2017-17815
   * SECURITY UPDATE: DoS via incorrect validation
     - debian/patches/CVE-2017-17819.patch: check for NULL pointer in
       preproc.c.
     - CVE-2017-17819
   * SECURITY UPDATE: heap-based overread
     - debian/patches/CVE-2018-8881.patch: handle unterminated strings in
       preproc.c.
     - CVE-2018-8881
   * The above patches also fix the following CVEs:
     - CVE-2017-17811
     - CVE-2017-17813
     - CVE-2017-17814
     - CVE-2017-17816
     - CVE-2017-17817
     - CVE-2017-17818
     - CVE-2017-17820
Checksums-Sha1:
 8c77c828682edee2805c1c924738c307d087c01f 402522 nasm-dbgsym_2.11.08-1ubuntu0.1_i386.ddeb
 764923508818db647a45f7b5c119aa2ec8c79867 1563560 nasm_2.11.08-1ubuntu0.1_i386.deb
Checksums-Sha256:
 b99f53ed195d1b6a1579d6c2f3a763dc6d49b079588146dbe8d643dc548ac006 402522 nasm-dbgsym_2.11.08-1ubuntu0.1_i386.ddeb
 2b9b210a257992b9a781ee4398e23c5425438b5c7503423b3bd86a3f287fed23 1563560 nasm_2.11.08-1ubuntu0.1_i386.deb
Files:
 7ac296dfb96885ddea6758a2254f5b52 402522 devel extra nasm-dbgsym_2.11.08-1ubuntu0.1_i386.ddeb
 ab10dcae1f11b2a47a75381c11b2eb0e 1563560 devel optional nasm_2.11.08-1ubuntu0.1_i386.deb
Original-Maintainer: Anibal Monsalve Salazar <anibal@debian.org>