Your message dated Wed, 18 Jun 2008 17:29:05 +1000
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#486715: nasm: CVE-2008-2719 off-by one in ppscan
has caused the Debian Bug report #486715,
regarding nasm: CVE-2008-2719 off-by one in ppscan
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)

-- 
486715: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=486715
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: nasm
Severity: grave
Version: 2.02-1
Tags: security patch

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was published
for nasm.

CVE-2008-2719[0]:
| Off-by-one error in the ppscan function (preproc.c) in Netwide
| Assembler (NASM) 2.02 allows context-dependent attackers to cause a
| denial of service (crash) and possibly execute arbitrary code via a
| crafted file that triggers a stack-based buffer overflow.

If you fix the vulnerability please also make sure to include the CVE
id in your changelog entry.

Upstream patch:
https://sourceforge.net/tracker/download.php?group_id=6208&atid=106208&file_id=274609&aid=1942146

Note, the description on the mitre site is not yet online but it will
be the same as the above one.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2719
    http://security-tracker.debian.net/tracker/CVE-2008-2719

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
Version: 2.03.01-1

[Bcc: [EMAIL PROTECTED]

On Tue, Jun 17, 2008 at 10:17:29PM +0200, Nico Golde wrote:
>Package: nasm
>Severity: grave
>Version: 2.02-1
>Tags: security patch
>
>Hi,
>the following CVE (Common Vulnerabilities & Exposures) id was published
>for nasm.
>
>CVE-2008-2719[0]:
>>Off-by-one error in the ppscan function (preproc.c) in Netwide
>>Assembler (NASM) 2.02 allows context-dependent attackers to cause a
>>denial of service (crash) and possibly execute arbitrary code via a
>>crafted file that triggers a stack-based buffer overflow.
>
>If you fix the vulnerability please also make sure to include the CVE
>id in your changelog entry.

Too late! Your bug report reached me 7+ hours after I've uploaded
nasm 2.03.01-1

>Upstream patch:
>https://sourceforge.net/tracker/download.php?group_id=6208&atid=106208&file_id=274609&aid=1942146

Already in nasm 2.03.01-1

Release team, please consider setting the age-days of nasm 2.03.01-1
to 2.

>Note, the description on the mitre site is not yet online but it will
>be the same as the above one.
>
>For further information see:
>
>[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2719
>http://security-tracker.debian.net/tracker/CVE-2008-2719
>
>-- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG:
>0x73647CFF For security reasons, all text in this mail is double-rot13
>encrypted.
--- End Message ---