Format: 1.8
Date: Thu, 28 Jun 2018 09:11:21 -0400
Source: nasm
Binary: nasm
Architecture: powerpc
Version: 2.11.08-1ubuntu0.1
Distribution: xenial
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@bos02-powerpc-001.buildd>
Changed-By: Marc Deslauriers <marc.deslauriers@ubuntu.com>
Description:
 nasm       - General-purpose x86 assembler
Changes:
 nasm (2.11.08-1ubuntu0.1) xenial-security; urgency=medium
 .
   * SECURITY UPDATE: code execution via heap use-after-free
     - debian/patches/CVE-2017-10686-1.patch: don't call free_mmacro in
       preproc.c.
     - debian/patches/CVE-2017-10686-2.patch: free token's text if only it
       has been modified in preproc.c.
     - CVE-2017-10686
   * SECURITY UPDATE: heap buffer overflow
     - debian/patches/CVE-2017-11111.patch: only concat tok->text if we
       accounted for its size in preproc.c.
     - CVE-2017-11111
   * SECURITY UPDATE: NULL pointer dereference in paste_tokens
     - debian/patches/CVE-2017-14228.patch: check length in preproc.c.
     - CVE-2017-14228
   * SECURITY UPDATE: DoS via macro calls with wrong number of arguments
     - debian/patches/CVE-2017-17810.patch: check arguments in preproc.c.
     - CVE-2017-17810
   * SECURITY UPDATE: DoS via heap over-read
     - debian/patches/CVE-2017-17812.patch: check for data to process in
       preproc.c.
     - CVE-2017-17812
   * SECURITY UPDATE: DoS via missing check
     - debian/patches/CVE-2017-17815.patch: don't leave nparam_max less than
       nparam_min in preproc.c.
     - CVE-2017-17815
   * SECURITY UPDATE: DoS via incorrect validation
     - debian/patches/CVE-2017-17819.patch: check for NULL pointer in
       preproc.c.
     - CVE-2017-17819
   * SECURITY UPDATE: heap-based overread
     - debian/patches/CVE-2018-8881.patch: handle unterminated strings in
       preproc.c.
     - CVE-2018-8881
   * The above patches also fix the following CVEs:
     - CVE-2017-17811
     - CVE-2017-17813
     - CVE-2017-17814
     - CVE-2017-17816
     - CVE-2017-17817
     - CVE-2017-17818
     - CVE-2017-17820
Checksums-Sha1:
 d4db05ccd1a401d604424d06f6725ba5032417cc 433558 nasm-dbgsym_2.11.08-1ubuntu0.1_powerpc.ddeb
 ceed2922b78d3c6b74b68e342d9a1ea20b4b17c9 1533006 nasm_2.11.08-1ubuntu0.1_powerpc.deb
Checksums-Sha256:
 2f6baf2fcd7b5689535456f99a6e6e3fc4b9ac80482d5adfc42a4fc20b85e97b 433558 nasm-dbgsym_2.11.08-1ubuntu0.1_powerpc.ddeb
 5502da829129d56b1210ba7c84cfce69db7366bd1148a13aaeda90180ef90b8a 1533006 nasm_2.11.08-1ubuntu0.1_powerpc.deb
Files:
 1376edb2a476b2b885c357668878b854 433558 devel extra nasm-dbgsym_2.11.08-1ubuntu0.1_powerpc.ddeb
 8d2e24b8eaad8566cf382fd74a7a7fa1 1533006 devel optional nasm_2.11.08-1ubuntu0.1_powerpc.deb
Original-Maintainer: Anibal Monsalve Salazar <anibal@debian.org>