* CVE-2020-24241
  Description: "In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c."
  Bug: https://bugzilla.nasm.us/show_bug.cgi?id=3392707
* CVE-2020-24242
  Description: "In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory."
  Bug: https://bugzilla.nasm.us/show_bug.cgi?id=3392708
These are ostensibly against an rc version and I can't reproduce with 2.15.04 so we might not be affected.
(In reply to John Helmert III (ajak) from comment #1)
> These are ostensibly against an rc version and I can't reproduce with
> 2.15.04 so we might not be affected.

Sorry, 2.14.02 is what appears unaffected.
Ping
It's not clear if you ping maintainers or security. If not specified otherwise I always assume assignee. It's also not clear what action you expect. Upstream bugs claim to fix both problems in >=nasm-2.15.04.
(In reply to Sergei Trofimovich from comment #4)
> It's not clear if you ping maintainers or security. If not specified
> otherwise I always assume assignee.
>
> It's also not clear what action you expect.

Sorry! It is unclear whether our versions in tree were ever affected. If not, we can just close this bug.
nasm-2.15.03 was probably last affected version (not in tree anymore).
(In reply to Sergei Trofimovich from comment #6)
> nasm-2.15.03 was probably last affected version (not in tree anymore).

Thanks!