I'm not sure if the 0.98.39 in portage is affected...http://securityfocus.com/bid/13506/info/ says that 0.98.38 and 0.98.35 are vulnerable but CAN-2005-1194 just says 0.98 ---------------------------------------------- NASM is prone to a remote buffer overflow vulnerability. This issue affects the 'ieee_putascii()' function. It is likely that an attacker exploits this issue by crafting a malicious source file to be assembled by the application. This file is sent to an affected user and if the user loads the file in NASM, the attack may result in arbitrary code execution. The attacker may then gain unauthorized access in the context of the user running NASM.
According to tigger^ 0.98.39 is vulnerable. (Anyway, I didn't see that it was released on January)
Fixed. Security team can proceed.
Team members, please advise on this one
Here's from the original advisory (http://sourceforge.net/mailarchive/forum.php?thread_id=7175315&forum_id=4978) --- nasm-0.98.39/output/outieee.c.overfl 2005-01-15 23:16:08.000000000 +0100 +++ nasm-0.98.39/output/outieee.c 2005-04-01 12:55:17.231530832 +0200 @@ -1120,7 +1120,7 @@ static void ieee_putascii(char *format, va_list ap; va_start(ap, format); - vsprintf(buffer, format, ap); + vsnprintf(buffer, sizeof(buffer), format, ap); l = strlen(buffer); for (i = 0; i < l; i++) if ((buffer[i] & 0xff) > 31)
It's here in CVS: http://sourceforge.net/mailarchive/forum.php?thread_id=7218790&forum_id=9091
Why are we still talking about this? It's fixed in portage already. Security team, do your announce thing and let's move on.
Closing without GLSA, because it relies on a too dumb user to work.