[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#876001: marked as done (libwpd: CVE-2017-14226)

Your message dated Sun, 24 Sep 2017 13:47:51 +0000
with message-id <E1dw7GB-000Ao4-7e@fasolo.debian.org>
and subject line Bug#876001: fixed in libwpd 0.10.1-5+deb9u1
has caused the Debian Bug report #876001,
regarding libwpd: CVE-2017-14226
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
876001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876001
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message --- 
Source: libwpd
Version: 0.10.1-5
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/libwpd/tickets/14/

Hi,

the following vulnerability was published for libwpd.

CVE-2017-14226[0]:
| WP1StylesListener.cpp, WP5StylesListener.cpp, and
| WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which
| allows remote attackers to cause a denial of service (heap-based buffer
| over-read in the WPXTableList class in WPXTable.cpp). This
| vulnerability can be triggered in LibreOffice before 5.3.7. It may lead
| to suffering a remote attack against a LibreOffice application.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14226
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14226
[1] https://sourceforge.net/p/libwpd/tickets/14/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1489337
[3] https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9
[4] https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
[5] https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
[6] https://bugs.documentfoundation.org/show_bug.cgi?id=112269

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: libwpd
Source-Version: 0.10.1-5+deb9u1

We believe that the bug you reported is fixed in the latest version of
libwpd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 876001@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Rene Engelhard <rene@debian.org> (supplier of updated libwpd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 17 Sep 2017 13:20:30 +0200
Source: libwpd
Binary: libwpd-dev libwpd-0.10-10 libwpd-tools libwpd-doc
Architecture: source
Version: 0.10.1-5+deb9u1
Distribution: stretch
Urgency: medium
Maintainer: Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
Changed-By: Rene Engelhard <rene@debian.org>
Description:
 libwpd-0.10-10 - Library for handling WordPerfect documents (shared library)
 libwpd-dev - Library for handling WordPerfect documents (development)
 libwpd-doc - Library for handling WordPerfect documents (documentation)
 libwpd-tools - Tools from libwpd for converting WordPerfect to HTML/RAW/Text
Closes: 876001
Changes:
 libwpd (0.10.1-5+deb9u1) stretch; urgency=medium
 .
   * debian/patches/libwpd-tdf112269.diff: backport patch to fix
     CVE-2017-14226 (closes: #876001)
Checksums-Sha1:
 0b8612a54dc11a187297d46e6678efdf822b18f6 2066 libwpd_0.10.1-5+deb9u1.dsc
 143f68e58012741e71e1b8f4f7ca7915c7373a69 11836 libwpd_0.10.1-5+deb9u1.debian.tar.xz
 57eb63e966472c09f79641e29f2406038939e18e 5384 libwpd_0.10.1-5+deb9u1_source.buildinfo
Checksums-Sha256:
 daa211e797c063f76e2d7692335a81ecddbfd0ef786eddd4e54e112d3ba011d2 2066 libwpd_0.10.1-5+deb9u1.dsc
 3045c8762a0ec2b9855cd86d083d9144283fbeb13f77fd24cff4cdaa9656e2af 11836 libwpd_0.10.1-5+deb9u1.debian.tar.xz
 57f8aced23e69337b933c886994332f3707b502713a2a0d32d101eefe04fd5c0 5384 libwpd_0.10.1-5+deb9u1_source.buildinfo
Files:
 c2fa32d90b37144f5d1a0ece0bb02e29 2066 devel optional libwpd_0.10.1-5+deb9u1.dsc
 a619839cb266f6ebb1cdc6e7a96bfe1c 11836 devel optional libwpd_0.10.1-5+deb9u1.debian.tar.xz
 cdbd09e7e7dee291d711df2783d529dc 5384 devel optional libwpd_0.10.1-5+deb9u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAlnGl1AACgkQCqBFcdA+
PnAL3Q/+LgM2Tua6X9wD6jjTXXjmCfsKsA4207zfLY9T8WbwuYR2CL0x5aipe0th
oH6sW1SZbOhT89Rm8cMQY+Ofa7vgBd9fEecgZzW2Do7lj7FiU7lLCMzABpwR+SpH
uwIdH1MVjiPKTgdT0Vd5cHIPOirsWoP2D3JZQCmCnC8Vo95oBXTT8DpVJJb3xShG
DsFy/JLDeWi/OvpmcJFefqjCiIHsJZJZFB/ZMkAHZerfwgtpc7teA2QR8Zkyg/4b
D7SuF0fcVN0cM1UaJcKuRxTNI+ZE0j+qcChiWtNP3yKAhKtFe/mB/FOsGQFB+gtH
2+9fb/HLuMegPhBxIdr8ewVaG8IYXc7Q/kNdDbYodxfDUZRZurHAwO0I965dynMA
1h97Wyajp0zDQr2POUkvFsh5CAypxG8JlSVqG+JY2/cBTnjDE331JoY0nFqwSBoY
de5haEeJ76Q/p7c4jnYaK+Oo1JlYCcpFkHQFGvKd2vh2SsKRCWAldNPd1M60rNmh
3KbukKWZCOil16sFnU5koNwhJCRCAqvyNBYwVRzjYh/9uIHL5vtEgmF/b9160mam
WNm7dc2vU12uilxyF76zIfuKDe2lViyPkCx8hxcmVVV7SRWenA2JErpz0x3vM8E1
sP/fQC4jk8boGbnUY9rGU1m+oOle7X7rcSqz+NHDoI6W9+q38Co=
=uLbP
-----END PGP SIGNATURE-----

--- End Message ---
Reply to: