Version: 2.03.01-1 [Bcc: 486715-done@bugs.debian.org] On Tue, Jun 17, 2008 at 10:17:29PM +0200, Nico Golde wrote: >Package: nasm >Severity: grave >Version: 2.02-1 >Tags: security patch > >Hi, >the following CVE (Common Vulnerabilities & Exposures) id was published >for nasm. > >CVE-2008-2719[0]: >>Off-by-one error in the ppscan function (preproc.c) in Netwide >>Assembler (NASM) 2.02 allows context-dependent attackers to cause a >>denial of service (crash) and possibly execute arbitrary code via a >>crafted file that triggers a stack-based buffer overflow. > >If you fix the vulnerability please also make sure to include the CVE >id in your changelog entry. Too late! Your bug report reached me 7+ hours after I've uploaded nasm 2.03.01-1 >Upstream patch: >https://sourceforge.net/tracker/download.php?group_id=6208&atid=106208&file_id=274609&aid=1942146 Already in nasm 2.03.01-1 Release team, please consider setting the age-days of nasm 2.03.01-1 to 2. >Note, the description on the mitre site is not yet online but it will >be the same as the above one. > >For further information see: > >[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2719 >http://security-tracker.debian.net/tracker/CVE-2008-2719 > >-- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: >0x73647CFF For security reasons, all text in this mail is double-rot13 >encrypted.
Attachment:
signature.asc
Description: Digital signature