[SECURITY] [DLA 4234-1] catdoc security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4234-1] catdoc security update
From: Adrian Bunk <bunk@debian.org>
Date: Mon, 30 Jun 2025 14:05:37 +0300
Message-id: <[🔎] aGJvgf0H8l0QaYiX@localhost>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4234-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 30, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : catdoc
Version        : 1:0.95-4.1+deb11u1
CVE ID         : CVE-2024-48877 CVE-2024-52035 CVE-2024-54028
Debian Bug     : 1107168

Multiple vulnerabilities have been fixed in catdoc, a text extractor for 
MS-Office files.

CVE-2024-48877

    memory corruption

CVE-2024-52035

    integer overflow

CVE-2024-54028

    integer underflow

For Debian 11 bullseye, these problems have been fixed in version
1:0.95-4.1+deb11u1.

We recommend that you upgrade your catdoc packages.

For the detailed security status of catdoc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/catdoc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmhib4EACgkQiNJCh6LY
mLGyTBAAwLp+iF+efnyC8rSgQscjlUwRCiSWC3sAxotQPgKvvyRz2umCHyKECnvL
4ZSEJAd/YPMzdaW/0FcwDS+0KlrC4j9JAmd8aeBtXbdVl7Y3EJ0QaIDggLKbUINi
ZE1FQq5uhIrFyRDkrGmMYmCgEx7v/CltYtCNipLdx0OV/ztPEeTcFwaocjAuzt5m
CjuhOZpVW+Ml3YbuejYeuN77SdMKWOaBWSCEq5qc+QkWksIgiP468SK6WUCyj2Cm
M5x86waYuFKegzNBtodD8jay6iLYvYhQfuDgB5B4Inf1Dy91lC8En5oNw5meMMWf
9tD1oitafMOgFvhO4CNJ57MylUISHVEBH7iCiZaJNySykzMN3sXB6RbCD+ZCXHJl
kLfl+/B2QVVHwE/0NmDcfya6KjTe5VcsliVdhDPISwXtfAeIh7GG95lwK1DQKz/n
vu+vOm2F0R4T1PzQ2RhIUcG4OTFjZvb087jmRwqKkNr7Thot0qyDSKmMuxQrQV+9
59BkSaiZumYG9RYZWSqxwge0t60vKMWJY3OSOrxz7ElEP8u5zfNoz9uu4J1l7pdC
dWbnC0qxawrYgDPaYfN2UOZlnWywoL9KxW3Wrfc0vYqYCkzA0r4RmIq6aOmcEToR
eQSTS89H4JJeBDkk27nVJebvxLJ4VClYwfBbQ+6mmxTUwXzdGaQ=
=tPAD
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4233-1] nagvis security update
Next by Date: [SECURITY] [DLA 4235-1] sudo security update
Previous by thread: [SECURITY] [DLA 4233-1] nagvis security update
Next by thread: [SECURITY] [DLA 4235-1] sudo security update
Index(es):
- Date
- Thread