[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: recent PSPP vulnerability reports

From: John Darrington
Subject: Re: recent PSPP vulnerability reports
Date: Mon, 28 Aug 2017 12:40:00 +0200
User-agent: Mutt/1.5.23 (2014-03-12)

On Sun, Aug 27, 2017 at 04:18:46PM -0700, Ben Pfaff wrote:
     Thanks for reporting a number of bugs related to vulnerabilities in PSPP
     lately.  However, so far you have only reported these bugs downstream,
     to Red Hat and SuSE.  Please first report them to the project itself
     directly, at address@hidden or via, or if
     you believe that they are serious vulnerabilities then privately to me
     or to John Darrington <address@hidden>.  This will allow
     the bugs to be fixed more quickly since the PSPP developers find out
     about them immediately, not just from downstream packagers.

Also, I think that describing these bugs as "remote denial of service" vectors, 
is a little exaggerated.   As I see it, the worst that can happen is that cause 
is that PSPP will crash when presented with specially crafted files.

But thanks for identifying and reporting these issues anyway.


Avoid eavesdropping.  Send strong encrypted email.
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See or any PGP keyserver for public key.

Attachment: signature.asc
Description: Digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]