Summary: | <sci-mathematics/pspp-1.6.2-r2: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sci-mathematics |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 890706 | ||
Bug Blocks: |
Description
John Helmert III
2022-09-05 16:47:59 UTC
On both reports: "I fixed it, by preventing the program from being installed: https://git.savannah.gnu.org/cgit/pspp.git/commit/?id=8596d6eb21e40ffaf9321d1cb779333de3126b50. Maybe people will fuzz things that are worthwhile now rather than a program that no one uses."

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1542309301fd9e3f4e35c8685ef956b6f9f58377

commit 1542309301fd9e3f4e35c8685ef956b6f9f58377
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2022-12-31 16:52:55 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2023-01-01 14:27:06 +0000

    sci-mathematics/pspp: new revision to fix a few security and QA issues.

    We fix CVE-2022-39831 and CVE-2022-39832 the same way upstream did, by
    refusing to install the vulnerable program (which was mainly only used
    for debugging anyway). We now also use a more accurate LICENSE, and add
    a patch to fix underlinking visible with lld/mold.

    Bug: https://bugs.gentoo.org/868618
    Closes: https://bugs.gentoo.org/732048
    Closes: https://bugs.gentoo.org/877751
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 .../pspp/files/pspp-1.6.2-underlinking.patch | 27 +++++++
 sci-mathematics/pspp/pspp-1.6.2-r2.ebuild    | 88 ++++++++++++++++++++++
 2 files changed, 115 insertions(+)

Thanks! Please stable when ready. Upstream's rationale about impact seems reasonable so no GLSA.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e42bb93364b17252b6989b77566c9116e1ce7525

commit e42bb93364b17252b6989b77566c9116e1ce7525
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2023-01-23 20:55:25 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2023-01-23 20:58:23 +0000

    sci-mathematics/pspp: drop 1.6.0-r1, 1.6.2-r1

    Bug: https://bugs.gentoo.org/868618
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 sci-mathematics/pspp/Manifest             |  1 -
 sci-mathematics/pspp/pspp-1.6.0-r1.ebuild | 82 ------------------------------
 sci-mathematics/pspp/pspp-1.6.2-r1.ebuild | 84 -------------------------------
 3 files changed, 167 deletions(-)

Thanks, all done.