Bug#876001: libwpd: CVE-2017-14226
Hi,
On Sun, Sep 17, 2017 at 10:47:06AM +0200, Salvatore Bonaccorso wrote:
> Source: libwpd
> Version: 0.10.1-5
> Severity: important
> Tags: patch security upstream
> Forwarded: https://sourceforge.net/p/libwpd/tickets/14/
>
> Hi,
>
> the following vulnerability was published for libwpd.
>
> CVE-2017-14226[0]:
[...]
fixed in 0.10.2-1 for sid. Want this fixed as DSAs for jessie/stretch?
Prepared packages. Debdiffs attached...
Regards,
Rene
diff -Nru libwpd-0.10.1/debian/changelog libwpd-0.10.1/debian/changelog
--- libwpd-0.10.1/debian/changelog 2016-09-12 22:58:36.000000000 +0200
+++ libwpd-0.10.1/debian/changelog 2017-09-17 13:20:30.000000000 +0200
@@ -1,3 +1,10 @@
+libwpd (0.10.1-5+deb9u1) stretch; urgency=medium
+
+ * debian/patches/libwpd-tdf112269.diff: backport patch to fix
+ CVE-2017-14226 (closes: #876001)
+
+ -- Rene Engelhard <rene@debian.org> Sun, 17 Sep 2017 13:20:30 +0200
+
libwpd (0.10.1-5) unstable; urgency=medium
* [7d35591] move Maintainer: to Debian LibreOffice Maintainers
diff -Nru libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff
--- libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff 1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff 2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1,43 @@
+--- libwpd/src/lib/WP5StylesListener.cpp
++++ libwpd/src/lib/WP5StylesListener.cpp
+@@ -85,8 +85,9 @@
+ m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ m_currentPage.setPageSpan(1);
+
+- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++ HFiter != headerFooterList.end(); ++HFiter)
+ {
+ if ((*HFiter).getOccurrence() != NEVER)
+ {
+--- libwpd/src/lib/WP42StylesListener.cpp
++++ libwpd/src/lib/WP42StylesListener.cpp
+@@ -84,8 +84,9 @@
+ m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ m_currentPage.setPageSpan(1);
+
+- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++ HFiter != headerFooterList.end(); ++HFiter)
+ {
+ if ((*HFiter).getOccurrence() != NEVER)
+ {
+--- libwpd/src/lib/WP1StylesListener.cpp
++++ libwpd/src/lib/WP1StylesListener.cpp
+@@ -83,8 +83,9 @@
+ m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ m_currentPage.setPageSpan(1);
+
+- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++ HFiter != headerFooterList.end(); ++HFiter)
+ {
+ if ((*HFiter).getOccurrence() != NEVER)
+ {
+
diff -Nru libwpd-0.10.1/debian/patches/series libwpd-0.10.1/debian/patches/series
--- libwpd-0.10.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.1/debian/patches/series 2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1 @@
+libwpd-tdf112269.diff
diff -Nru libwpd-0.10.0/debian/changelog libwpd-0.10.0/debian/changelog
--- libwpd-0.10.0/debian/changelog 2014-08-08 00:36:00.000000000 +0200
+++ libwpd-0.10.0/debian/changelog 2017-09-17 13:20:30.000000000 +0200
@@ -1,3 +1,10 @@
+libwpd (0.10.0-2+deb8u1) jessie; urgency=medium
+
+ * debian/patches/libwpd-tdf112269.diff: backport patch to fix
+ CVE-2017-14226 (closes: #876001)
+
+ -- Rene Engelhard <rene@debian.org> Sun, 17 Sep 2017 13:20:30 +0200
+
libwpd (0.10.0-2) unstable; urgency=low
* upload to unstable
diff -Nru libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff
--- libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff 1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff 2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1,43 @@
+--- libwpd/src/lib/WP5StylesListener.cpp
++++ libwpd/src/lib/WP5StylesListener.cpp
+@@ -85,8 +85,9 @@
+ m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ m_currentPage.setPageSpan(1);
+
+- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++ HFiter != headerFooterList.end(); ++HFiter)
+ {
+ if ((*HFiter).getOccurrence() != NEVER)
+ {
+--- libwpd/src/lib/WP42StylesListener.cpp
++++ libwpd/src/lib/WP42StylesListener.cpp
+@@ -84,8 +84,9 @@
+ m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ m_currentPage.setPageSpan(1);
+
+- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++ HFiter != headerFooterList.end(); ++HFiter)
+ {
+ if ((*HFiter).getOccurrence() != NEVER)
+ {
+--- libwpd/src/lib/WP1StylesListener.cpp
++++ libwpd/src/lib/WP1StylesListener.cpp
+@@ -83,8 +83,9 @@
+ m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0);
+ m_currentPage.setPageSpan(1);
+
+- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin();
+- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter)
++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList();
++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin();
++ HFiter != headerFooterList.end(); ++HFiter)
+ {
+ if ((*HFiter).getOccurrence() != NEVER)
+ {
+
diff -Nru libwpd-0.10.0/debian/patches/series libwpd-0.10.0/debian/patches/series
--- libwpd-0.10.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100
+++ libwpd-0.10.0/debian/patches/series 2017-09-17 13:20:30.000000000 +0200
@@ -0,0 +1 @@
+libwpd-tdf112269.diff
Reply to: