svn commit: r448512 - head/security/vuxml
Carlos J. Puga Medina
cpm at FreeBSD.org
Tue Aug 22 07:40:02 UTC 2017
Author: cpm
Date: Tue Aug 22 07:40:00 2017
New Revision: 448512
URL: https://svnweb.freebsd.org/changeset/ports/448512
Log:
Document vulnerabilities in math/pspp < 1.0.0
Obtained from: https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Aug 22 06:24:31 2017 (r448511)
+++ head/security/vuxml/vuln.xml Tue Aug 22 07:40:00 2017 (r448512)
@@ -58,6 +58,50 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="6876b163-8708-11e7-8568-e8e0b747a45a">
+ <topic>pspp -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>pspp</name>
+ <range><lt>1.0.0</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>CVE Details reports:</p>
+ <blockquote cite="https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html">
+ <ul>
+ <li>There is an Integer overflow in the hash_int function of the libpspp library
+ in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).</li>
+ <li>There is a NULL Pointer Dereference in the function ll_insert() of the libpspp
+ library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).</li>
+ <li>There is an illegal address access in the function output_hex() in data/data-out.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12958).</li>
+ <li>There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack (CVE-2017-12959).</li>
+ <li>There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12960).</li>
+ <li>There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c
+ of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-10791</cvename>
+ <cvename>CVE-2017-10792</cvename>
+ <cvename>CVE-2017-12958</cvename>
+ <cvename>CVE-2017-12959</cvename>
+ <cvename>CVE-2017-12960</cvename>
+ <cvename>CVE-2017-12961</cvename>
+ <url>https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html</url>
+ </references>
+ <dates>
+ <discovery>2017-08-18</discovery>
+ <entry>2017-08-22</entry>
+ </dates>
+ </vuln>
+
<vuln vid="473b6a9e-8493-11e7-b24b-6cf0497db129">
<topic>drupal -- Drupal Core - Multiple Vulnerabilities</topic>
<affects>
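Review bot: The `<range><lt>1.0.0</lt></range>` bound in the new pspp entry is not backed by anything the entry cites. The quoted text names only GNU PSPP 0.10.5-pre2 and 0.11.0 as affected, and the sole `<url>` is the CVE Details listing. Consider adding a reference that shows 1.0.0 carries the fixes (upstream release notes or the fixing commits) so the bound can be verified later. Also confirm that the single `<discovery>2017-08-18</discovery>` is the earliest disclosure date across all six CVEs, since the entry groups two separate CVE number ranges (CVE-2017-1079x and CVE-2017-1295x) under one date.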