Bug#1035951: marked as done (yasm: CVE-2023-29579)

To: Petter Reinholdtsen <pere@debian.org>
Subject: Bug#1035951: marked as done (yasm: CVE-2023-29579)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 30 Apr 2025 07:57:03 +0000
Message-id: <[🔎] handler.1035951.D1035951.1745999706754243.ackdone@bugs.debian.org>
Reply-to: 1035951@bugs.debian.org
References: <E1uA2HW-00BS5R-Vl@fasolo.debian.org> <ZF0MXiQX0BV8dOLz@pisco.westfalen.local>

Your message dated Wed, 30 Apr 2025 07:55:02 +0000
with message-id <E1uA2HW-00BS5R-Vl@fasolo.debian.org>
and subject line Bug#1035951: fixed in yasm 1.3.0-7
has caused the Debian Bug report #1035951,
regarding yasm: CVE-2023-29579
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1035951: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035951
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: submit@bugs.debian.org
Subject: yasm: CVE-2023-29579
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Thu, 11 May 2023 17:40:14 +0200
Message-id: <ZF0MXiQX0BV8dOLz@pisco.westfalen.local>

Source: yasm
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for yasm.

CVE-2023-29579[0]:
| yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via
| the component yasm/yasm+0x43b466 in vsprintf.

https://github.com/yasm/yasm/issues/214

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-29579
    https://www.cve.org/CVERecord?id=CVE-2023-29579

Please adjust the affected versions in the BTS as needed.

--- End Message ---

--- Begin Message ---

To: 1035951-close@bugs.debian.org
Subject: Bug#1035951: fixed in yasm 1.3.0-7
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Wed, 30 Apr 2025 07:55:02 +0000
Message-id: <E1uA2HW-00BS5R-Vl@fasolo.debian.org>
Reply-to: Petter Reinholdtsen <pere@debian.org>

Source: yasm
Source-Version: 1.3.0-7
Done: Petter Reinholdtsen <pere@debian.org>

We believe that the bug you reported is fixed in the latest version of
yasm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1035951@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Petter Reinholdtsen <pere@debian.org> (supplier of updated yasm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 30 Apr 2025 07:59:59 +0200
Source: yasm
Architecture: source
Version: 1.3.0-7
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Petter Reinholdtsen <pere@debian.org>
Closes: 1016353 1035951
Changes:
 yasm (1.3.0-7) unstable; urgency=medium
 .
   * QA upload.
 .
   * Added 1000-x86-dir-cpu-CVE-2023-29579.patch to solve crash bug
     (Closes: #1035951).
   * Added 1010-nasm-pp-no-env-CVE-2021-33464.patch to solve crash bug
     (Closes: #1016353).
Checksums-Sha1:
 867253b51235b03b40a130b0b6c44dacf4ad72b8 1818 yasm_1.3.0-7.dsc
 eb2aa1a46eded3716498e01009d16ad72859fa88 10096 yasm_1.3.0-7.debian.tar.xz
 8315755a081a845ef42126316acd9207716f3e3f 7033 yasm_1.3.0-7_source.buildinfo
Checksums-Sha256:
 67087c7aabaa687df149dd9bde4e1096893783847f74fbe8b136bee8d270301f 1818 yasm_1.3.0-7.dsc
 056bd3863d3ce10a29ff4daaa465683d2486ea89e71d3f18dbe586227b9df2e0 10096 yasm_1.3.0-7.debian.tar.xz
 9fd46c2c23d9df3a2dd45aec9fe36535cb375df503d170f355bb7057a50892e0 7033 yasm_1.3.0-7_source.buildinfo
Files:
 6f8ba158b9352ae0003b0265f1d12108 1818 devel optional yasm_1.3.0-7.dsc
 93004dce509ddb590cd404f657361a5e 10096 devel optional yasm_1.3.0-7.debian.tar.xz
 168b50f1b31542a580b08d4adc2230a1 7033 devel optional yasm_1.3.0-7_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEERqLf4owIeylOb9kkgSgKoIe6+w4FAmgRvOEACgkQgSgKoIe6
+w7/vA/+MyPQWDERnbqRBx936iTD7NYKrdoVRG1pDbRm8RtFa6LPWma9Va74xB9Q
ehgJcd0YH3omnpq7z2xMJGw6bud2RPHUSesbxVPiogHMXGrtxadqj5sTzEHoPfeg
CXF3gKP5vca4nc8n1R/L2vU1/dSsriH105X5+WsKPg/ci/qkbcgNBLQG+RUy5crO
L4wIChl9tM9plXInxvCIMmbmMGFt8LGXhoLmqAVp2h+g1kbZwLDuKQVbrCIdLl0i
vMHu6efbkR71C+Rd3NXTCkYVUadS+7cFc1g/ANIN1i/MpuMMhCu/ajh92SjWKmNG
WHb+LoA7l0ayAunj3S462fck41b7yF5uyEKzLM45/wI6G8KKn+pDnUjc/ksc4FOb
LGOjp8dmZuiAGC7dpirXrKga4lIWJ145CjCf7S9JqesZZztTpYOgMuGp1Fea0PCy
RCfUmGEVbrEwTtbkDTR4VKoRb6w6DQgILX8owNhNyDTv4AG4KQxX/62YtfepQIR8
lDoPaGNfqt/AgUJjVwUwiU0N4I7cFqUbrskTpoUOn+VKYJ/1ZAWugQ8Arz53AsTv
l+V2zxz3lSeY/23O7MrmDB6gbQp3JGPwMy9F7M7r6oAKyjH3mFX6Ut+gnl6SxyDg
ArI6olsDnPDYsPrIOmr9H92iIGXw5ZUVoGPpG5rcBVnEJ12wdkQ=
=o623
-----END PGP SIGNATURE-----

Attachment: pgp_aeSgP3A68.pgp
Description: PGP signature

--- End Message ---

Reply to:

Prev by Date: Bug#1016353: marked as done (yasm: CVE-2021-33464)
Next by Date: Bug#1099290: marked as done (statcvs: FTBFS: error: package org.jfree.ui does not exist)
Previous by thread: Bug#1016353: marked as done (yasm: CVE-2021-33464)
Next by thread: Bug#1099290: marked as done (statcvs: FTBFS: error: package org.jfree.ui does not exist)
Index(es):
- Date
- Thread