
[SCM] LibreOffice packaging repository branch, master, updated. libreoffice_3.5.4-5-5-ga930094



The following commit has been merged in the master branch:
commit 083a70509170d8e423ce838d03a017f0b5465853
Author: Rene Engelhard <rene@debian.org>
Date:   Mon Jul 2 17:52:28 2012 +0200

    debian/patches/CVE-2012-2334-clip-max-entries.diff: add additional fix for CVE-2012-2334 from Florian Weimer which we missed to apply so far...

diff --git a/changelog b/changelog
index d227920..e003d28 100644
--- a/changelog
+++ b/changelog
@@ -1,8 +1,11 @@
-libreoffice (1:3.5.4-6) UNRELEASED; urgency=low
+libreoffice (1:3.5.4-6) UNRELEASED; urgency=high
+
+  * debian/patches/CVE-2012-2334-clip-max-entries.diff: add additional
+    fix for CVE-2012-2334 from Florian Weimer which we missed to apply
+    so far..
 
   * debian/templates/soffice-template.desktop.in: fix Icon= (remove
     obsolete 3), thanks Miros◈aw Zalewski (closes: #678313)
-
   * debian/control.in: make -filter-mobiledev Break libreoffice-core
     (<< 1:3.5~) (closes: #633929)
 
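Review bot: the new entry at the top of the 1:3.5.4-6 stanza says the patch was missed but not what it changes. With urgency raised to high, one line stating that it clips mnIdClusters in SvxMSDffManager::GetFidclData (filter/source/msfilter/msdffimp.cxx) before the FIDCL array is allocated would let a reader judge the upgrade from the changelog alone. The hunk also removes the blank line between the soffice-template.desktop.in and debian/control.in entries while adding one after the new entry, so bullet spacing in this stanza is now inconsistent; keep or drop the blank lines uniformly.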
diff --git a/patches/CVE-2012-2334-clip-max-entries.diff b/patches/CVE-2012-2334-clip-max-entries.diff
new file mode 100644
index 0000000..c27939d
--- /dev/null
+++ b/patches/CVE-2012-2334-clip-max-entries.diff
@@ -0,0 +1,23 @@
+From 63dbfa8386159c2f22b7e3ef786f3c93fd4217aa Mon Sep 17 00:00:00 2001
+From: Caolán McNamara <caolanm@redhat.com>
+Date: Mon, 28 May 2012 15:13:09 +0000
+Subject: clip max entries
+
+Signed-off-by: Petr Mladek <pmladek@suse.cz>
+---
+diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx
+index 3107635..56234e2 100644
+--- a/filter/source/msfilter/msdffimp.cxx
++++ b/filter/source/msfilter/msdffimp.cxx
+@@ -6049,6 +6049,9 @@ void SvxMSDffManager::GetFidclData( sal_uInt32 nOffsDggL )
+                         "escher", "FIDCL list longer than remaining bytes, ppt or parser is wrong");
+                     mnIdClusters = std::min(nMaxEntriesPossible, static_cast<sal_Size>(mnIdClusters));
+ 
++                    sal_Size nMaxEntriesAllocatable = SAL_MAX_INT32 / sizeof(FIDCL);
++                    mnIdClusters = std::min(nMaxEntriesAllocatable, static_cast<sal_Size>(mnIdClusters));
++
+                     mpFidcls = new FIDCL[ mnIdClusters ];
+                     memset(mpFidcls, 0, mnIdClusters * sizeof(FIDCL));
+                     for (sal_uInt32 i = 0; i < mnIdClusters; ++i)
+--
+cgit v0.9.0.2-2-gbebe
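Review bot: the added clamp against nMaxEntriesAllocatable in GetFidclData truncates mnIdClusters silently, while the preceding clamp against nMaxEntriesPossible sits next to the "FIDCL list longer than remaining bytes, ppt or parser is wrong" diagnostic. A matching diagnostic when mnIdClusters exceeds nMaxEntriesAllocatable would make a document that hits this limit visible in logs. A short code comment would also help, explaining that SAL_MAX_INT32 / sizeof(FIDCL) keeps both the new FIDCL[ mnIdClusters ] request and the memset length mnIdClusters * sizeof(FIDCL) at or below SAL_MAX_INT32 bytes. On the packaging side, the patch header carries only "Subject: clip max entries" with an empty body and a trailing cgit footer; adding a description line that names CVE-2012-2334 and the upstream origin would make the file self-explanatory in debian/patches.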
diff --git a/patches/series b/patches/series
index bf04e42..515bd56 100644
--- a/patches/series
+++ b/patches/series
@@ -41,3 +41,4 @@ fix-signed-char-mess.diff
 make-shortcuts-in-menus-localized-again.diff
 fix-legacy-report-opening.diff
 evolution-3.4.diff
+CVE-2012-2334-clip-max-entries.diff

-- 
LibreOffice packaging repository

