
[Pspp-commits] [SCM] GNU PSPP branch, master, updated. v0.10.5-pre2-2-g4


From: Ben Pfaff
Subject: [Pspp-commits] [SCM] GNU PSPP branch, master, updated. v0.10.5-pre2-2-g41c6f54
Date: Tue, 4 Jul 2017 12:59:28 -0400 (EDT)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU PSPP".

The branch, master has been updated
       via  41c6f5447941e5d36d0554ba874671649353752f (commit)
       via  bf03b53a3c0f0d1066062f37919015a8fa6ad436 (commit)
      from  e157cc5ad11e3f7ae96cbbac5ec21dc57726c9aa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 41c6f5447941e5d36d0554ba874671649353752f
Author: Ben Pfaff <address@hidden>
Date:   Tue Jul 4 12:58:55 2017 -0400

    sys-file-reader: Fix integer overflows in parse_long_string_missing_values().
    
    Crafted system files caused integer overflow errors that in turn caused
    aborts.  This fixes the problem.
    
    CVE-2017-10791.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1467004.
    See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
    See also https://security-tracker.debian.org/tracker/CVE-2017-10791.
    Found by team OWL337, using the collAFL fuzzer.

commit bf03b53a3c0f0d1066062f37919015a8fa6ad436
Author: Ben Pfaff <address@hidden>
Date:   Tue Jul 4 12:54:47 2017 -0400

    sys-file-reader: Avoid null dereference skipping bad extension record 18.
    
    read_record() assumed that read_extension_record() never set its output
    argument to NULL when it returned true, but this is possible in an error
    case.
    
    CVE-2017-10792.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1467005.
    See also https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866890.
    See also https://security-tracker.debian.org/tracker/CVE-2017-10792.
    Reported by team OWL337, with fuzzer collAFL.

-----------------------------------------------------------------------

Summary of changes:
 src/data/sys-file-reader.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU PSPP


