dev-lang/nasm-2.14 was released on 2018-11-07. There are several changes which sound like security fixes: https://www.nasm.us/xdoc/2.14/html/nasmdocc.html """ ・ Changed -I option semantics by adding a trailing path separator unconditionally. ・ Fixed null dereference in corrupted invalid single line macros. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ・ Fixed division by zero which may happen if source code is malformed. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ・ Fixed out of bound access in processing of malformed segment override. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ・ Fixed out of bound access in certain EQU parsing. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ・ Fixed buffer underflow in float parsing. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ・ Added SGX (Intel Software Guard Extensions) instructions. ・ Added +n syntax for multiple contiguous registers. ・ Fixed subsections_via_symbols for macho object format. ・ Added the --gprefix, --gpostfix, --lprefix, and --lpostfix command line options, to allow command line base symbol renaming. ・ Allow label renaming to be specified by %pragma in addition to from the command line. ・ Supported generic %pragma namespaces, output and debug. ・ Added the --pragma command line option to inject a %pragma directive. ・ Added the --before command line option to accept preprocess statement before input. ・ Added AVX512 VBMI2 (Additional Bit Manipulation), VNNI (Vector Neural Network), BITALG (Bit Algorithm), and GFNI (Galois Field New Instruction) instructions. ・ Added the STATIC directive for local symbols that should be renamed using global-symbol rules. ・ Allow a symbol to be defined as EXTERN and then later overridden as GLOBAL or COMMON. Furthermore, a symbol declared EXTERN and then defined will be treated as GLOBAL. ・ The GLOBAL directive no longer is required to precede the definition of the symbol. ・ Support private_extern as macho specific extension to the GLOBAL directive. ・ Updated UD0 encoding to match with the specification ・ Added the --limit-X command line option to set execution limits. ・ Updated the Codeview version number to be aligned with MASM. ・ Added the --keep-all command line option to preserve output files. ・ Added the --include command line option, an alias to -P. ・ Added the --help command line option as an alias to -h. ・ Added -W, -D, and -Q suffix aliases for RET instructions so the operand sizes of these instructions can be encoded without using o16, o32 or o64. """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d246ca10179861ff355daeb30662d07d44c8964 commit 0d246ca10179861ff355daeb30662d07d44c8964 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-11-11 10:52:50 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-11-11 10:54:10 +0000 dev-lang/nasm: bump up to 2.14, bug #670884 Reported-by: Arfrever Frehtes Taifersar Arahesis Bug: https://bugs.gentoo.org/670884 Package-Manager: Portage-2.3.51, Repoman-2.3.12 Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> dev-lang/nasm/Manifest | 1 + dev-lang/nasm/nasm-2.14.ebuild | 52 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 53 insertions(+)
"[#gentoo-toolchain 2019-01-18 20:53:33 UTC] <@slyfox> 2.14.02 is fine to go stable"
amd64 stable
x86 stable
This issue was resolved and addressed in GLSA 201903-19 at https://security.gentoo.org/glsa/201903-19 by GLSA coordinator Aaron Bauman (b-man).