[Pspp-commits] [SCM] GNU PSPP branch, master, updated. v1.0.0-7-g62b5101
From: Ben Pfaff
Subject: [Pspp-commits] [SCM] GNU PSPP branch, master, updated. v1.0.0-7-g62b5101
Date: Sun, 27 Aug 2017 15:37:45 -0400 (EDT)

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU PSPP".
The branch, master has been updated
via 62b5101a28fc2c4a9b8b26a998fb6c4ec12d84c7 (commit)
via 7bf210c4fd179a22dd8c6a071f0b23f7ae4e14c2 (commit)
via f5e03ec7b8a217ef53ce0c77374cddc0dcd79fae (commit)
via feba48309a227fe40feb3a87cbe900015021ac73 (commit)
via 7891023bc75024553f2564017b685cdb13eeec33 (commit)
from f790dbda9d498eef9c9c0a49078adbeecf768d56 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 62b5101a28fc2c4a9b8b26a998fb6c4ec12d84c7
Author: Ben Pfaff <address@hidden>
Date: Sun Aug 27 12:31:05 2017 -0700

    sys-file-reader: Avoid assert-fail for duplicate attribute names.

    CVE-2017-12961.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1482436.
    See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12961.
    See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12961.
    Found by team OWL337, using the collAFL fuzzer.

commit 7bf210c4fd179a22dd8c6a071f0b23f7ae4e14c2
Author: Ben Pfaff <address@hidden>
Date: Sun Aug 27 12:30:50 2017 -0700

    sys-file-reader: Better handle duplicate names without long names.

    The reader did not properly handle the case where variable short names
    had duplicates and the system file did not include long names. In this
    case, the reader still tried to use the (duplicate) short names as the
    long names, which could in some cases cause a secondary name collision in
    the no-long-names case in parse_long_var_names(), and assert-failed.

    This commit first fixes the handling of duplicate short names: it sets
    the long name to the unique chosen short name, instead of the original
    duplicate short name. Then as an additional measure it refactors the code
    a little to always handle duplicates in rename_var_and_save_short_names().
    I am not sure that that is necessary but it's a little bit of a code
    cleanup anyhow.

    CVE-2017-12960.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1482433.
    See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12960.
    See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12960.
    Found by team OWL337, using the collAFL fuzzer.

commit f5e03ec7b8a217ef53ce0c77374cddc0dcd79fae
Author: Ben Pfaff <address@hidden>
Date: Sun Aug 27 12:30:30 2017 -0700

    sys-file-reader: Fully verify multiple response set names.

    Until now, the code only checked the first character of the name, which
    made it possible to assert-fail when the mrset was actually added.

    CVE-2017-12959.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1482432.
    See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12959.
    See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12959.
    Found by team OWL337, using the collAFL fuzzer.

commit feba48309a227fe40feb3a87cbe900015021ac73
Author: Ben Pfaff <address@hidden>
Date: Sun Aug 27 12:32:50 2017 -0700

    data-out: Pass correct width to value_str() in output_AHEX().

    AHEX16 is short enough to work as a short string, but output_AHEX() was
    treating it as a long string, which caused string data to be dereferenced
    as a pointer.

    CVE-2017-12958.
    See also https://bugzilla.redhat.com/show_bug.cgi?id=1482429.
    See also http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-12958.
    See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12958.
    Found by team OWL337, using the collAFL fuzzer.

commit 7891023bc75024553f2564017b685cdb13eeec33
Author: Ben Pfaff <address@hidden>
Date: Sat Aug 26 16:33:01 2017 -0700

    pspp-convert: Fix crash when the output file cannot be created.

-----------------------------------------------------------------------
Summary of changes:
NEWS | 5 +++++
src/data/attributes.c | 20 ++++++++++++++++---
src/data/attributes.h | 1 +
src/data/data-out.c | 2 +-
src/data/dictionary.c | 32 +++++++++++++++++++++---------
src/data/dictionary.h | 2 ++
src/data/sys-file-reader.c | 41 +++++++++++++++++++-------------------
tests/automake.mk | 1 +
tests/data/data-out.at | 19 ++++++++++++++++++
tests/data/sys-file-reader.at | 46 +++++++++++++++++++++++++++++++++++++++++--
utilities/pspp-convert.c | 2 ++
11 files changed, 136 insertions(+), 35 deletions(-)
hooks/post-receive
--
GNU PSPP
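
Added example, not part of the original notification and not PSPP's own code: a simplified C model of the width mismatch described in the data-out commit (CVE-2017-12958) above, next to a formatter that keeps display width and data width apart. The union layout, the 8-byte inline limit and the names `reads_pointer_member`, `model_value_str` and `model_output_ahex` are assumptions made for illustration; the only format fact relied on is that AHEX prints two hex digits per data byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_SHORT_STRING 8   /* assumed inline-storage limit for this model */

/* No tag is stored: the width a caller passes decides which member is
   read, so a wrong width reinterprets string bytes as a pointer. */
union value {
    uint8_t short_string[MAX_SHORT_STRING];
    uint8_t *long_string;
};

/* 1 if an accessor given `width` would read the pointer member. */
static int reads_pointer_member(int width)
{
    return width > MAX_SHORT_STRING;
}

/* Hypothetical accessor: trusts `width` completely. */
static const uint8_t *model_value_str(const union value *v, int width)
{
    return reads_pointer_member(width) ? v->long_string : v->short_string;
}

/* Writes fmt_w hex digits plus NUL. The accessor gets the data width
   (var_width), not fmt_w; -1 on odd, non-positive or oversized fmt_w. */
static int model_output_ahex(const union value *v, int var_width,
                             int fmt_w, char *out)
{
    int n = fmt_w / 2;                 /* two hex digits per data byte */
    if (fmt_w <= 0 || fmt_w % 2 != 0 || n > var_width)
        return -1;
    const uint8_t *s = model_value_str(v, var_width);
    for (int i = 0; i < n; i++)
        sprintf(out + 2 * i, "%02X", (unsigned) s[i]);
    return 0;
}

int main(void)
{
    union value v;
    char out[17];
    memcpy(v.short_string, "ABCDEFGH", 8);   /* constructed sample data */
    printf("display width 16 reads pointer member: %d\n", reads_pointer_member(16));
    if (model_output_ahex(&v, 8, 16, out) == 0)
        puts(out);
    return 0;
}
```

In this model, passing the display width 16 to the accessor selects the pointer member even though the 8 data bytes are stored inline, which is the confusion the commit message describes.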