Document vulnerabilities in math/pspp < 1.0.0

Obtained from: https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html
svn path=/head/; revision=448512
2024-10-18 19:49:40 +00:00 · 2017-08-22 07:40:00 +00:00 · 2017-08-22 07:40:00 +00:00 · 531bedea7c · 2021-03-31 03:12:20 +00:00
commit 531bedea7c
parent ffcbb06f90
1 changed files with 44 additions and 0 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -58,6 +58,50 @@ Notes:
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="6876b163-8708-11e7-8568-e8e0b747a45a">
+    <topic>pspp -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>pspp</name>
+	<range><lt>1.0.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>CVE Details reports:</p>
+	<blockquote cite="https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html">
+	  <ul>
+	    <li>There is an Integer overflow in the hash_int function of the libpspp library
+	      in GNU PSPP 0.10.5-pre2 (CVE-2017-10791).</li>
+	    <li>There is a NULL Pointer Dereference in the function ll_insert() of the libpspp
+	      library in GNU PSPP 0.10.5-pre2 (CVE-2017-10792).</li>
+	    <li>There is an illegal address access in the function output_hex() in data/data-out.c
+	      of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12958).</li>
+	    <li>There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c
+	      of the libpspp library in GNU PSPP 0.11.0 that will lead to a remote denial of service attack (CVE-2017-12959).</li>
+	    <li>There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c
+	      of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12960).</li>
+	    <li>There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c
+	      of the libpspp library in GNU PSPP 0.11.0 that will lead to remote denial of service (CVE-2017-12961).</li>
+	  </ul>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2017-10791</cvename>
+      <cvename>CVE-2017-10792</cvename>
+      <cvename>CVE-2017-12958</cvename>
+      <cvename>CVE-2017-12959</cvename>
+      <cvename>CVE-2017-12960</cvename>
+      <cvename>CVE-2017-12961</cvename>
+      <url>https://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-38732/year-2017/GNU-Pspp.html</url>
+    </references>
+    <dates>
+      <discovery>2017-08-18</discovery>
+      <entry>2017-08-22</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="473b6a9e-8493-11e7-b24b-6cf0497db129">
    <topic>drupal -- Drupal Core - Multiple Vulnerabilities</topic>
    <affects>