It's impossible to keep up with these things. It takes the people filing them no work at all to generate more, whereas it takes a lot of effort to find and fix them.
This is one reason I embarked last year on rewriting PSPP in Rust. I haven't talked about it here because I was not sure that it would produce anything useful. It is still not "useful", but it's getting to the point where I'm a little more confident that it will be. Anyone interested can clone git://benpfaff.org/pspp and check out the "rust" branch. On Wed, May 28, 2025 at 3:51 AM Friedrich Beckmann <friedrich.beckm...@posteo.de> wrote: > > The plan to not release pspp-convert and friends did not stop the > fuzzerfriends to file CVEs against libpspp-core. Today we have six new CVE > bugs filed in debian. 5 are for pspp-convert or pspp-output and one is for > pspp. > > https://bugs.debian.org/cgi-bin/pkgreport.cgi?src=pspp > > > >
