Re: FreeXL 1.0.2 - multiplication overflow on 32 bit platforms
On Sun, Jul 19, 2015 at 12:42:41PM +0200, Sebastiaan Couwenberg wrote:
> On 07/19/2015 12:04 PM, Moritz Mühlenhoff wrote:
> > On Wed, Jul 15, 2015 at 10:35:25PM +0200, Sebastiaan Couwenberg wrote:
> >> Dear Security Team,
> >>
> >> FreeXL 1.0.2 was released yesterday, it fixes a recently discovered
> >> security issue. To quote the release announcement:
> >>
> >> "
> >> RedHat maintainers recently discovered a potential security breach
> >> caused by the current version of FreeXL.
> >>
> >> This issue is not very like to happen under ordinary conditions, anyway
> >> a purposely forged XLS document could effectively cause a
> >> multiplication overflow on 32 bit platforms, and this in turn will
> >> subsequently cause a dangerous crash due to an incorrectly sized
> >> memory allocation.
> >> freexl-1.0.2 definitely fixes the issue.
> >> "
> >>
> >> https://groups.google.com/d/msg/spatialite-users/UZ7ivR6ASV0/K_8bjP1or_IJ
> >>
> >> I've uploaded freexl (1.0.2-1) to unstable today, and I've backported
> >> the fix to freexl (1.0.0g-1+deb8u2) and freexl (1.0.0b-1+deb7u2) for
> >> jessie & wheezy respectively. The changes are available in git:
> >>
> >> http://anonscm.debian.org/cgit/pkg-grass/freexl.git/log/?h=jessie
> >> http://anonscm.debian.org/cgit/pkg-grass/freexl.git/log/?h=wheezy
> >>
> >> Are these OK to upload?
> >
> > Yes, please upload to security-master. Since there have been freexl DSAs
> > for wheezy and jessie before, they don't need to built with "-sa" this
> > time.
>
> Thanks, uploaded.
Sorry, I was confused by the version number for jessie, while named
1.0.0g-1+deb8u1 it was actually uploaded to unstable before the freeze.
As a consequence dak rejected the upload, it does need to be rebuild with
"-sa", sorry for the mixup.
Cheers,
Moritz
Reply to: