Fedora alert FEDORA-2026-e153173659 (pspp)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: pspp-2.1.1-5.fc44 | |
| Date: | Sat, 25 Apr 2026 01:53:02 +0000 | |
| Message-ID: | <20260425015302.9F57B7973A@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-e153173659 2026-04-25 01:21:36.171409+00:00 -------------------------------------------------------------------------------- Name : pspp Product : Fedora 44 Version : 2.1.1 Release : 5.fc44 URL : https://www.gnu.org/software/pspp/ Summary : A program for statistical analysis of sampled data Description : PSPP is a program for statistical analysis of sampled data. It interprets commands in the SPSS language and produces tabular output in ASCII, PostScript, or HTML format. PSPP development is ongoing. It already supports a large subset of SPSS's transformation language. Its statistical procedure support is currently limited, but growing. -------------------------------------------------------------------------------- Update Information: Fix several low-priority CVEs Build with new Gnulib -------------------------------------------------------------------------------- ChangeLog: * Mon Mar 30 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-5 - Fix FTBFS * Mon Mar 30 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-4 - Fix bunch of low-priority CVEs * Mon Mar 23 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-3 - Fix for a recent gnulib * Tue Mar 10 2026 Peter Lemenkov <lemenkov@gmail.com> - 2.1.1-2 - Clarify how to get Smake file -------------------------------------------------------------------------------- References: [ 1 ] Bug #2364045 - CVE-2025-47229 pspp: denial of service via crafted input data in pspp [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2364045 [ 2 ] Bug #2365598 - CVE-2025-47815 pspp: PSPP: Heap Buffer Overflow [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2365598 [ 3 ] Bug #2365601 - CVE-2025-47814 pspp: PSPP: Heap Buffer Overflow [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2365601 [ 4 ] Bug #2367194 - CVE-2025-48188 pspp: Heap Buffer Over-Read in PSPP rijndaelDecrypt Function [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367194 [ 5 ] Bug #2367692 - CVE-2025-5001 pspp: GNU PSPP pspp-convert.c calloc integer overflow [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2367692 [ 6 ] Bug #2371375 - CVE-2025-5898 pspp: GNU PSPP pspp-convert.c parse_variables_option out-of-bounds write [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371375 [ 7 ] Bug #2371378 - CVE-2025-5899 pspp: GNU PSPP pspp-convert.c parse_variables_option free of memory not on the heap [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2371378 [ 8 ] Bug #2385429 - pspp: FTBFS in Fedora rawhide/f43 https://bugzilla.redhat.com/show_bug.cgi?id=2385429 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-e153173659' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new