Bug#1119172: marked as done (yasm: CVE-2021-33456)

To: Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org>
Subject: Bug#1119172: marked as done (yasm: CVE-2021-33456)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Tue, 28 Oct 2025 11:23:04 +0000
Message-id: <[🔎] handler.1119172.D1119172.17616504441712682.ackdone@bugs.debian.org>
Reply-to: 1119172@bugs.debian.org
References: <E1vDhkp-00CbgJ-01@fasolo.debian.org> <[🔎] 176160068095.154387.9938031649858888324.reportbug@latitude-7420>

Your message dated Tue, 28 Oct 2025 11:20:43 +0000
with message-id <E1vDhkp-00CbgJ-01@fasolo.debian.org>
and subject line Bug#1119172: fixed in yasm 1.3.0-8
has caused the Debian Bug report #1119172,
regarding yasm: CVE-2021-33456
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
1119172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1119172
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: yasm: CVE-2021-33456

From: Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org>

Date: Tue, 28 Oct 2025 02:31:20 +0500

Message-id: <[🔎] 176160068095.154387.9938031649858888324.reportbug@latitude-7420>
Source: yasm
Version: 1.3.0-7
Severity: important
Tags: security, upstream

Hi,

The following vulnerability was published for yasm.

An issue was discovered in yasm version 1.3.0. 

There is a NULL pointer dereference in hash() in
modules/preprocs/nasm/nasm-pp.c.

For further information see:

https://www.cve.org/CVERecord?id=CVE-2021-33456

https://github.com/yasm/yasm/issues/175
--- End Message ---

--- Begin Message ---

To: 1119172-close@bugs.debian.org
Subject: Bug#1119172: fixed in yasm 1.3.0-8
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Tue, 28 Oct 2025 11:20:43 +0000
Message-id: <E1vDhkp-00CbgJ-01@fasolo.debian.org>
Reply-to: Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org>

Source: yasm
Source-Version: 1.3.0-8
Done: Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org>

We believe that the bug you reported is fixed in the latest version of
yasm, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1119172@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org> (supplier of updated yasm package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 28 Oct 2025 02:40:00 +0500
Source: yasm
Architecture: source
Version: 1.3.0-8
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org>
Closes: 1119172
Changes:
 yasm (1.3.0-8) unstable; urgency=medium
 .
   * QA upload.
 .
   * Added 1020-hash-null-CVE-2021-33456.patch (Closes: #1119172).
   * Updated d/watch file format to version 5.
Checksums-Sha1:
 a0a0866e8b54975335f1830931a0cc66827396b0 1668 yasm_1.3.0-8.dsc
 5e71d1eb9d4d4d2762ae1d8b21d1f4d168318376 10228 yasm_1.3.0-8.debian.tar.xz
 72c8faa3905b23fd75f794e5ec22eefae2446e7c 5869 yasm_1.3.0-8_source.buildinfo
Checksums-Sha256:
 921d54dd9881d4d438e075e51db72fc4b760895df13e2b35b9f11a89b97752fa 1668 yasm_1.3.0-8.dsc
 710f63fb4b460821c2368a1a149e8b544bbad569ae01f54f709efaef8c369d1c 10228 yasm_1.3.0-8.debian.tar.xz
 133b2ab8fc2c941f986272b28d611446cae5177978de2d14935717bc71d30b95 5869 yasm_1.3.0-8_source.buildinfo
Files:
 2060768b739d9ba725404b4b00fede9f 1668 devel optional yasm_1.3.0-8.dsc
 d0608861ae347ddc959130968483d281 10228 devel optional yasm_1.3.0-8.debian.tar.xz
 6c96bceda5c37900f9c8e098f0917b76 5869 devel optional yasm_1.3.0-8_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQHEBAEBCgAuFiEEQGIgyLhVKAI3jM5BH1x6i0VWQxQFAmkAnVUQHGJhZ2VAZGVi
aWFuLm9yZwAKCRAfXHqLRVZDFHB/DACOBrA+BQ7OYoDW//x+GOkwMLjR0wU2JfrH
bdhKI0UvDbbqNx8GFyDXL7h/UfCYi8K7ze6LvJIIvZd+w/qSGNqEwndlR4O7HBAr
iov20u299+BCvmHHK4T9OF7mTN7Uky/vzP65HNJu9GAtjt1kl2xnd3LtHnO+KEOY
rO4HDkU752iwvI0aPV3jdUJ4Hdpn8w+usLxhmltv3M1Fu3TMxGczbKTKEJ6J1rA5
XQzh2qfG6Rdmnt4zhu3xjqdaWCRDbnQZwZxiFonVNyBbMmdjJWroNcAIlW4QAe3e
PRiQWx51DAXViA8U3467W0Q/IrexgkZ1hOVdrFH6RgFVPktK+aBN2SWr7p64D77o
aiVjydlg0lUaAKgsUnkyeNDKZN4icObLw6sXi8Xy0Spiq6xBICrMxMBjpOwBHlK5
RIpOZjPSAkkAmoPDUWH7y57VyZYoQnq6uhCZW+PeBkTMs9OxoXf1dFRudWeyujKH
Wl+XYUFUw5QTv3iEiaxf39/iImg+GZI=
=k9Mk
-----END PGP SIGNATURE-----

Attachment: pgp5KZA_oabNV.pgp
Description: PGP signature

--- End Message ---

Reply to:

References:
- Bug#1119172: yasm: CVE-2021-33456
  - From: Syed Shahrukh Hussain <syed.shahrukh@ossrevival.org>

Prev by Date: Bug#1119175: fsvs: Depends on db5.3
Next by Date: Bug#1119175: fsvs: Depends on db5.3
Previous by thread: Bug#1119172: yasm: CVE-2021-33456
Next by thread: Processed: 389-ds-base: Depends on db5.3
Index(es):
- Date
- Thread