Fedora alert FEDORA-2026-7b2964fc42 (pspp) [LWN.net]


From:
               updates--- via package-announce <package-announce@lists.fedoraproject.org>
To:
               package-announce@lists.fedoraproject.org
Subject:
               [SECURITY] Fedora 43 Update: pspp-2.1.1-5.fc43
Date:
               Wed, 08 Apr 2026 00:54:20 +0000
Message-ID:
               <20260408005420.3F6EF79710@bastion01.rdu3.fedoraproject.org>
Archive-link:
               Article
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-7b2964fc42
2026-04-08 00:52:24.173305+00:00
--------------------------------------------------------------------------------

Name        : pspp
Product     : Fedora 43
Version     : 2.1.1
Release     : 5.fc43
URL         : https://www.gnu.org/software/pspp/
Summary     : A program for statistical analysis of sampled data
Description :
PSPP is a program for statistical analysis of sampled data. It
interprets commands in the SPSS language and produces tabular
output in ASCII, PostScript, or HTML format.

PSPP development is ongoing. It already supports a large subset
of SPSS's transformation language. Its statistical procedure
support is currently limited, but growing.

--------------------------------------------------------------------------------
Update Information:

Fix several low-priority CVEs
Build with new Gnulib
--------------------------------------------------------------------------------
ChangeLog:

* Mon Mar 30 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-5
- Fix FTBFS
* Mon Mar 30 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-4
- Fix bunch of low-priority CVEs
* Mon Mar 23 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-3
- Fix for a recent gnulib
* Tue Mar 10 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-2
- Clarify how to get Smake file
* Sat Mar  7 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-1
- PSPP ver. 2.1.1
* Thu Mar  5 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.0-1
- PSPP ver. 2.1.0
* Mon Mar  2 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.0.1-11
- Fix build with more recent gettext
* Thu Feb 12 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.0.1-10
- Address CVE-2025-47229
* Sat Jan 17 2026 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
* Fri Jul 25 2025 Fedora Release Engineering <releng@fedoraproject.org> - 2.0.1-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Tue May 13 2025 Yaakov Selkowitz <yselkowi@redhat.com> - 2.0.1-7
- Fix flatpak build
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2364045 - CVE-2025-47229 pspp: denial of service via crafted input data in pspp
[fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2364045
  [ 2 ] Bug #2365598 - CVE-2025-47815 pspp: PSPP: Heap Buffer Overflow [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2365598
  [ 3 ] Bug #2365601 - CVE-2025-47814 pspp: PSPP: Heap Buffer Overflow [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2365601
  [ 4 ] Bug #2367194 - CVE-2025-48188 pspp: Heap Buffer Over-Read in PSPP rijndaelDecrypt Function
[fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2367194
  [ 5 ] Bug #2367692 - CVE-2025-5001 pspp: GNU PSPP pspp-convert.c calloc integer overflow
[fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2367692
  [ 6 ] Bug #2371375 - CVE-2025-5898 pspp: GNU PSPP pspp-convert.c parse_variables_option
out-of-bounds write [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2371375
  [ 7 ] Bug #2371378 - CVE-2025-5899 pspp: GNU PSPP pspp-convert.c parse_variables_option free of
memory not on the heap [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2371378
  [ 8 ] Bug #2385429 - pspp: FTBFS in Fedora rawhide/f43
        https://bugzilla.redhat.com/show_bug.cgi?id=2385429
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-7b2964fc42' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgr...

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

-- 
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond...
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/package-ann...
Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
From:		updates--- via package-announce <package-announce@lists.fedoraproject.org>
To:		package-announce@lists.fedoraproject.org
Subject:		[SECURITY] Fedora 43 Update: pspp-2.1.1-5.fc43
Date:		Wed, 08 Apr 2026 00:54:20 +0000
Message-ID:		<20260408005420.3F6EF79710@bastion01.rdu3.fedoraproject.org>
Archive-link:		Article