yasm 1.3.0.55.g101bc was discovered to contain a segmentation violation via the function delete_Token at /nasm/nasm-pp.c. References: https://github.com/yasm/yasm/issues/216 https://github.com/z1r00/fuzz_vuln/blob/main/yasm/segv/delete_Token/readme.md
Created yasm tracking bugs for this issue: Affects: epel-all [bug 2186335] Affects: fedora-all [bug 2186334]
Why is this a security issue? Assemblers are not a service and shouldn't be required to accept untrusted input.
As far as I can see, this CVE was not assigned by us, but by Mitre and since it was published, we have to file the bug nonetheless. Any requests to reject this CVE ID have to be directed to Mitre via cveform: https://cveform.mitre.org/
Thanks for the link, rejection request sent.