Bug#876001: libwpd: CVE-2017-14226

To: Salvatore Bonaccorso <carnil@debian.org>, 876001@bugs.debian.org
Cc: team@security.debian.org
Subject: Bug#876001: libwpd: CVE-2017-14226
From: Rene Engelhard <rene@debian.org>
Date: Sun, 17 Sep 2017 13:59:20 +0200
Message-id: <[🔎] 20170917115920.GA10116@rene-engelhard.de>
Reply-to: Rene Engelhard <rene@debian.org>, 876001@bugs.debian.org
In-reply-to: <[🔎] 150563802622.19433.2255460576917032537.reportbug@eldamar.local>
References: <[🔎] 150563802622.19433.2255460576917032537.reportbug@eldamar.local> <[🔎] 150563802622.19433.2255460576917032537.reportbug@eldamar.local>

Hi,


On Sun, Sep 17, 2017 at 10:47:06AM +0200, Salvatore Bonaccorso wrote:
> Source: libwpd
> Version: 0.10.1-5
> Severity: important
> Tags: patch security upstream
> Forwarded: https://sourceforge.net/p/libwpd/tickets/14/
> 
> Hi,
> 
> the following vulnerability was published for libwpd.
>
> CVE-2017-14226[0]:
[...]

fixed in 0.10.2-1 for sid. Want this fixed as DSAs for jessie/stretch?

Prepared packages. Debdiffs attached...

Regards,

Rene

diff -Nru libwpd-0.10.1/debian/changelog libwpd-0.10.1/debian/changelog
--- libwpd-0.10.1/debian/changelog	2016-09-12 22:58:36.000000000 +0200
+++ libwpd-0.10.1/debian/changelog	2017-09-17 13:20:30.000000000 +0200
@@ -1,3 +1,10 @@
+libwpd (0.10.1-5+deb9u1) stretch; urgency=medium
+
+  * debian/patches/libwpd-tdf112269.diff: backport patch to fix
+    CVE-2017-14226 (closes: #876001)
+
+ -- Rene Engelhard <rene@debian.org>  Sun, 17 Sep 2017 13:20:30 +0200
+
 libwpd (0.10.1-5) unstable; urgency=medium
 
   * [7d35591] move Maintainer: to Debian LibreOffice Maintainers
diff -Nru libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff
--- libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff	1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff	2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1,43 @@
+--- libwpd/src/lib/WP5StylesListener.cpp
++++ libwpd/src/lib/WP5StylesListener.cpp
+@@ -85,8 +85,9 @@
+ 		m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ 		m_currentPage.setPageSpan(1);
+ 
+-		for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+-		        HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++		std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++		for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++		        HFiter != headerFooterList.end(); ++HFiter)
+ 		{
+ 			if ((*HFiter).getOccurrence() != NEVER)
+ 			{
+--- libwpd/src/lib/WP42StylesListener.cpp
++++ libwpd/src/lib/WP42StylesListener.cpp
+@@ -84,8 +84,9 @@
+ 			m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ 			m_currentPage.setPageSpan(1);
+ 
+-			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+-			        HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++			std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++			        HFiter != headerFooterList.end(); ++HFiter)
+ 			{
+ 				if ((*HFiter).getOccurrence() != NEVER)
+ 				{
+--- libwpd/src/lib/WP1StylesListener.cpp
++++ libwpd/src/lib/WP1StylesListener.cpp
+@@ -83,8 +83,9 @@
+ 			m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ 			m_currentPage.setPageSpan(1);
+ 
+-			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+-			        HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++			std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++			        HFiter != headerFooterList.end(); ++HFiter)
+ 			{
+ 				if ((*HFiter).getOccurrence() != NEVER)
+ 				{
+
diff -Nru libwpd-0.10.1/debian/patches/series libwpd-0.10.1/debian/patches/series
--- libwpd-0.10.1/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.1/debian/patches/series	2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1 @@
+libwpd-tdf112269.diff

diff -Nru libwpd-0.10.0/debian/changelog libwpd-0.10.0/debian/changelog
--- libwpd-0.10.0/debian/changelog	2014-08-08 00:36:00.000000000 +0200
+++ libwpd-0.10.0/debian/changelog	2017-09-17 13:20:30.000000000 +0200
@@ -1,3 +1,10 @@
+libwpd (0.10.0-2+deb8u1) jessie; urgency=medium
+
+  * debian/patches/libwpd-tdf112269.diff: backport patch to fix
+    CVE-2017-14226 (closes: #876001)
+
+ -- Rene Engelhard <rene@debian.org>  Sun, 17 Sep 2017 13:20:30 +0200
+
 libwpd (0.10.0-2) unstable; urgency=low
 
   * upload to unstable
diff -Nru libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff
--- libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff	1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff	2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1,43 @@
+--- libwpd/src/lib/WP5StylesListener.cpp
++++ libwpd/src/lib/WP5StylesListener.cpp
+@@ -85,8 +85,9 @@
+ 		m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ 		m_currentPage.setPageSpan(1);
+ 
+-		for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+-		        HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++		std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++		for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++		        HFiter != headerFooterList.end(); ++HFiter)
+ 		{
+ 			if ((*HFiter).getOccurrence() != NEVER)
+ 			{
+--- libwpd/src/lib/WP42StylesListener.cpp
++++ libwpd/src/lib/WP42StylesListener.cpp
+@@ -84,8 +84,9 @@
+ 			m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ 			m_currentPage.setPageSpan(1);
+ 
+-			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+-			        HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++			std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++			        HFiter != headerFooterList.end(); ++HFiter)
+ 			{
+ 				if ((*HFiter).getOccurrence() != NEVER)
+ 				{
+--- libwpd/src/lib/WP1StylesListener.cpp
++++ libwpd/src/lib/WP1StylesListener.cpp
+@@ -83,8 +83,9 @@
+ 			m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ 			m_currentPage.setPageSpan(1);
+ 
+-			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+-			        HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++			std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++			for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++			        HFiter != headerFooterList.end(); ++HFiter)
+ 			{
+ 				if ((*HFiter).getOccurrence() != NEVER)
+ 				{
+
diff -Nru libwpd-0.10.0/debian/patches/series libwpd-0.10.0/debian/patches/series
--- libwpd-0.10.0/debian/patches/series	1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.0/debian/patches/series	2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1 @@
+libwpd-tdf112269.diff

Reply to:

Follow-Ups:
- Bug#876001: libwpd: CVE-2017-14226
  - From: Rene Engelhard <rene@debian.org>

References:
- Bug#876001: libwpd: CVE-2017-14226
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: libfreehand_0.1.2-2_source.changes ACCEPTED into unstable
Next by Date: Bug#876001: libwpd: CVE-2017-14226
Previous by thread: Bug#876001: CVE-2017-14226
Next by thread: Bug#876001: libwpd: CVE-2017-14226
Index(es):
- Date
- Thread