I applied fixes for both of these bugs to the PSPP repository, as the
following commits. The fixes will be in the next PSPP release.
commit 41c6f5447941e5d36d0554ba874671649353752f
Author: Ben Pfaff
Date: Tue Jul 4 12:58:55 2017 -0400
sys-file-reader: Fix integer
Hi Ben,
my understanding is that they bring up two different problems.
For
https://bugzilla.redhat.com/show_bug.cgi?id=1467004 (Hash Function)
the argument is that shift operations and overflows are undefined or
implementation dependent for signed integers as used in the hash function.
The attribution of the problem to the hash function is probably wrong,
since that function is purely combinatorial logic, but the report as a
whole is right because the attachment in the bug report at
https://bugzilla.redhat.com/show_bug.cgi?id=1467004 does cause
pspp-convert to assert-fail.
I'm
Hi John,
> Am 04.07.2017 um 07:10 schrieb John Darrington :
>
> On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
> Hi John,
>
> today I looked a little bit at the hash function. I think the problem is
> that compared to
> the
On Mon, Jul 03, 2017 at 11:37:30PM +0200, Friedrich Beckmann wrote:
Hi John,
today I looked a little bit at the hash function. I think the problem is
that compared to
the referenced code the x parameter is type int instead of unsigned int.
Googling around the
overflow
Dear Friedrich,
We are using smart fuzzing to test open source applications, including
pspp. Our tool collAFL is an enhanced version of AFL.
The core of AFL is an genetic algorithm to automatically discover
interesting test cases that trigger new internal states in the targeted
application,
Hi John,
today I looked a little bit at the hash function. I think the problem is that
compared to
the referenced code the x parameter is type int instead of unsigned int.
Googling around the
overflow behavior of signed and the shift right of signed is not defined in the
c standard
although
I suspect this report is mistaken. But this bit is Ben's code, so I'll let him
comment on
that.
J'
On Mon, Jul 03, 2017 at 07:22:57AM +0200, Friedrich Beckmann wrote:
Dear owl337 team,
thanks for looking at pspp and finding the security problems
Dear owl337 team,
thanks for looking at pspp and finding the security problems
https://security-tracker.debian.org/tracker/CVE-2017-10791
and
https://security-tracker.debian.org/tracker/CVE-2017-10792
in pspp! Your reports are quite detailed. Could you describe how you found the
problems,
9 matches
Mail list logo