Date: Tue, 22 Aug 2017 07:40:00 +0000 (UTC)
From: "Carlos J. Puga Medina" <cpm@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r448512 - head/security/vuxml
Message-ID: <201708220740.v7M7e0nk066754@repo.freebsd.org>
Author: cpm Date: Tue Aug 22 07:40:00 2017 New Revision: 448512 URL: https://svnweb.freebsd.org/changeset/ports/448512 Log: Document vulnerabilities in math/pspp < 1.0.0 Obtained from: https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Tue Aug 22 06:24:31 2017 (r448511) +++ head/security/vuxml/vuln.xml Tue Aug 22 07:40:00 2017 (r448512) 
@@ -58,6 +58,50 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6876b163-8708-11e7-8568-e8e0b747a45a"> + <topic>pspp -- multiple vulnerabilities</topic> + <affects> + <package> + <name>pspp</name> + <range><lt>1.0.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>CVE Details reports:</p> + <blockquote cite="https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html"> + <ul> + <li>There is an Integer overflow in the hash_int function of the libpspp library + in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).</li> + <li>There is a NULL Pointer Dereference in the function ll_insert() of the libpspp + library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).</li> + <li>There is an illegal address access in the function output_hex() in data/data-out.c + of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12958).</li> + <li>There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c + of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack (CVE-2017-12959).</li> + <li>There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c + of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12960).</li> + <li>There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c + of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).</li> + </ul> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-10791</cvename> + <cvename>CVE-2017-10792</cvename> + <cvename>CVE-2017-12958</cvename> + <cvename>CVE-2017-12959</cvename> + <cvename>CVE-2017-12960</cvename> + <cvename>CVE-2017-12961</cvename> + 
<url>https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html</url> + </references> + <dates> + <discovery>2017-08-18</discovery> + <entry>2017-08-22</entry> + </dates> + </vuln> + <vuln vid="473b6a9e-8493-11e7-b24b-6cf0497db129"> <topic>drupal -- Drupal Core - Multiple Vulnerabilities</topic> <affects>
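Review bot: the `<range><lt>1.0.0</lt></range>` bound in the new pspp `<affects>` block is not supported by anything in the entry's `<references>`. The quoted descriptions only name 0.10.5-pre2 and 0.11.0 as affected, and the single `<url>` is the CVE Details listing, so a reader cannot confirm from this entry that 1.0.0 carries the fixes for all six CVEs. Suggest adding an upstream reference (release announcement or the fixing commits) as a further `<url>` so the range can be checked. Separately, `<discovery>2017-08-18</discovery>` is one date for six CVEs spread over two upstream versions; please confirm it is the earliest disclosure among them. Minor: the `<blockquote>` presents the text as a quotation but the items have been regrouped into a `<ul>` with the CVE ids appended in parentheses; if that is a paraphrase, consider saying so in the lead-in `<p>`.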