A flaw was found in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2. A NULL pointer deference in the addsn function in serialno.c in libbibcore.a in bibutils through 6.2 allows remote attackers to cause a denial of service (application crash), as demonstrated by copac2xml. References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898135
Created bibutils tracking bugs for this issue: Affects: epel-all [bug 1577261] Affects: fedora-all [bug 1577259] Created ghc-hs-bibutils tracking bugs for this issue: Affects: epel-all [bug 1577262] Affects: fedora-all [bug 1577260]
ghc-hakyll-4.10.0.0-3.fc28, ghc-hs-bibutils-6.6.0.0-1.fc28, pandoc-citeproc-0.12.2.5-4.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.