public inbox for git-commits@fedoraproject.org
help / color / mirror / Atom feed
From: Dominik 'Rathann' Mierzejewski <dominik@greysector.net>
To: git-commits@fedoraproject.org
Subject: [rpms/nasm] f44: fix CVE-2026-6067 (resolves rhbz#2458087, rhbz#2458089)
Date: Fri, 05 Jun 2026 11:08:57 GMT [thread overview]
Message-ID: <178065773729.1.5647587289029828997.rpms-nasm-2d38ec314f6f@fedoraproject.org> (raw)
A new commit has been pushed.
Repo : rpms/nasm
Branch : f44
Commit : 2d38ec314f6fbe0096fbdae8b356c7af11f12acb
Author : Dominik 'Rathann' Mierzejewski <dominik@greysector.net>
Date : 2026-04-22T23:05:02+02:00
Stats : +23/-1 in 2 file(s)
URL : https://src.fedoraproject.org/rpms/nasm/c/2d38ec314f6fbe0096fbdae8b356c7af11f12acb?branch=f44
Log:
fix CVE-2026-6067 (resolves rhbz#2458087, rhbz#2458089)
- patch by Nick Clifton
---
diff --git a/nasm-CVE-2026-6067.patch b/nasm-CVE-2026-6067.patch
new file mode 100644
index 0000000..f86b67a
--- /dev/null
+++ b/nasm-CVE-2026-6067.patch
@@ -0,0 +1,16 @@
+diff -up nasm-3.01/output/outobj.c.orig nasm-3.01/output/outobj.c
+--- nasm-3.01/output/outobj.c.orig 2025-10-11 08:44:05.000000000 +0200
++++ nasm-3.01/output/outobj.c 2026-04-22 22:49:34.013483632 +0200
+@@ -1736,6 +1736,12 @@ obj_directive(enum directive directive,
+ */
+ continue;
+ }
++ if (grp->nentries >= GROUP_MAX)
++ {
++ /* Issue 203 aka CVE-2026-6067. */
++ nasm_nonfatal("too many segments in a group");
++ return DIRR_ERROR;
++ }
+ for (seg = seghead; seg; seg = seg->next)
+ if (!strcmp(seg->name, p))
+ break;
diff --git a/nasm.spec b/nasm.spec
index e96b7df..fa9d33a 100644
--- a/nasm.spec
+++ b/nasm.spec
@@ -9,11 +9,13 @@
Summary: A portable x86 assembler which uses Intel-like syntax
Name: nasm
Version: 3.01
-Release: 2%{?dist}
+Release: 3%{?dist}
License: BSD-2-Clause
URL: http://www.nasm.us
Source0: https://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}.tar.xz
Source1: https://www.nasm.us/pub/nasm/releasebuilds/%{version}/%{name}-%{version}-xdoc.tar.xz
+# https://github.com/netwide-assembler/nasm/issues/203
+Patch0: nasm-CVE-2026-6067.patch
BuildRequires: perl(Env)
BuildRequires: autoconf
@@ -84,6 +86,10 @@ make -C test golden test diff
%endif
%changelog
+* Wed Apr 22 2026 Dominik Mierzejewski <rpm@greysector.net> - 3.01-3
+- fix CVE-2026-6067 (resolves rhbz#2458087, rhbz#2458089)
+ patch by Nick Clifton
+
* Fri Jan 16 2026 Fedora Release Engineering <releng@fedoraproject.org> - 3.01-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
reply other threads:[~2026-06-05 11:08 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=178065773729.1.5647587289029828997.rpms-nasm-2d38ec314f6f@fedoraproject.org \
--to=dominik@greysector.net \
--cc=git-commits@fedoraproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox