Your message dated Sat, 17 Nov 2007 15:02:15 +0000 with message-id <E1ItPBX-00018I-FX@ries.debian.org> and subject line Bug#450631: fixed in koffice 1:1.6.3-3+lenny1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution
- From: Nico Golde <nion@debian.org>
- Date: Thu, 8 Nov 2007 18:30:48 +0100
- Message-id: <[🔎] 20071108173048.GA10109@ngolde.de>
Package: koffice Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for xpdf and koffice includes this code. CVE-2007-4352[0]: | Array index error in the DCTStream::readProgressiveDataUnit method in | xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote | attackers to trigger memory corruption and execute arbitrary code via | a crafted PDF file. CVE-2007-5392[1]: | Integer overflow in the DCTStream::reset method in | xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows | remote attackers to execute arbitrary code via a crafted PDF | file, resulting in a heap-based buffer overflow. CVE-2007-5393[2]: | Heap-based buffer overflow in the CCITTFaxStream::lookChar | method in xpdf/Stream.cc in Xpdf 3.02 with | xpdf-3.02pl1.patch allows remote attackers to execute | arbitrary code via a PDF file that contains a crafted | CCITTFaxDecode filter. If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393 Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.Attachment: pgpLPcuK_9oBa.pgp
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 450631-close@bugs.debian.org
- Subject: Bug#450631: fixed in koffice 1:1.6.3-3+lenny1
- From: Nico Golde <nion@debian.org>
- Date: Sat, 17 Nov 2007 15:02:15 +0000
- Message-id: <E1ItPBX-00018I-FX@ries.debian.org>
Source: koffice Source-Version: 1:1.6.3-3+lenny1 We believe that the bug you reported is fixed in the latest version of koffice, which is due to be installed in the Debian FTP archive: karbon_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/karbon_1.6.3-3+lenny1_i386.deb kchart_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kchart_1.6.3-3+lenny1_i386.deb kexi_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kexi_1.6.3-3+lenny1_i386.deb kformula_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kformula_1.6.3-3+lenny1_i386.deb kivio-data_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/kivio-data_1.6.3-3+lenny1_all.deb kivio_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kivio_1.6.3-3+lenny1_i386.deb koffice-data_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/koffice-data_1.6.3-3+lenny1_all.deb koffice-dbg_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/koffice-dbg_1.6.3-3+lenny1_i386.deb koffice-dev_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/koffice-dev_1.6.3-3+lenny1_i386.deb koffice-doc-html_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/koffice-doc-html_1.6.3-3+lenny1_all.deb koffice-doc_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/koffice-doc_1.6.3-3+lenny1_all.deb koffice-libs_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/koffice-libs_1.6.3-3+lenny1_i386.deb koffice_1.6.3-3+lenny1.diff.gz to pool/main/k/koffice/koffice_1.6.3-3+lenny1.diff.gz koffice_1.6.3-3+lenny1.dsc to pool/main/k/koffice/koffice_1.6.3-3+lenny1.dsc koffice_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/koffice_1.6.3-3+lenny1_all.deb koshell_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/koshell_1.6.3-3+lenny1_i386.deb kplato_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kplato_1.6.3-3+lenny1_i386.deb kpresenter-data_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/kpresenter-data_1.6.3-3+lenny1_all.deb kpresenter_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kpresenter_1.6.3-3+lenny1_i386.deb krita-data_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/krita-data_1.6.3-3+lenny1_all.deb krita_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/krita_1.6.3-3+lenny1_i386.deb kspread_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kspread_1.6.3-3+lenny1_i386.deb kthesaurus_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kthesaurus_1.6.3-3+lenny1_i386.deb kugar_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kugar_1.6.3-3+lenny1_i386.deb kword-data_1.6.3-3+lenny1_all.deb to pool/main/k/koffice/kword-data_1.6.3-3+lenny1_all.deb kword_1.6.3-3+lenny1_i386.deb to pool/main/k/koffice/kword_1.6.3-3+lenny1_i386.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 450631@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde <nion@debian.org> (supplier of updated koffice package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 15 Nov 2007 22:22:08 +0100 Source: koffice Binary: koffice-data kivio koffice kugar kchart karbon kpresenter koffice-dbg kformula koffice-libs koshell kivio-data kspread kword koffice-doc krita krita-data kexi koffice-dev kword-data kthesaurus koffice-doc-html kplato kpresenter-data Architecture: source i386 all Version: 1:1.6.3-3+lenny1 Distribution: testing-security Urgency: high Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org> Changed-By: Nico Golde <nion@debian.org> Description: karbon - a vector graphics application for the KDE Office Suite kchart - a chart drawing program for the KDE Office Suite kexi - integrated database environment for the KDE Office Suite kformula - a formula editor for the KDE Office Suite kivio - a flowcharting program for the KDE Office Suite kivio-data - data files for Kivio flowcharting program koffice - KDE Office Suite koffice-data - common shared data for the KDE Office Suite koffice-dbg - debugging symbols for koffice koffice-dev - common libraries for KOffice (development files) koffice-doc - developer documentation for the KDE Office Suite koffice-doc-html - KDE Office Suite documentation in HTML format koffice-libs - common libraries and binaries for the KDE Office Suite koshell - the KDE Office Suite workspace kplato - an integrated project management and planning tool kpresenter - a presentation program for the KDE Office Suite kpresenter-data - data files for KPresenter presentation program krita - a pixel-based image manipulation program for the KDE Office Suite krita-data - data files for Krita painting program kspread - a spreadsheet for the KDE Office Suite kthesaurus - thesaurus for the KDE Office Suite kugar - a business report maker for the KDE Office Suite kword - a word processor for the KDE Office Suite kword-data - data files for KWord word processor Closes: 450631 Changes: koffice (1:1.6.3-3+lenny1) testing-security; urgency=high . * Non-maintainer upload by testing security team. * Included koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff to address the following security issues (Closes: #450631) - CVE-2007-5393 buffer overflow in the CCITTFaxStream::lookChar leading to arbitrary code execution via a crafted pdf file. - CVE-2007-5392 integer overflow in the DCTStream::reset resulting in a heap based buffer overflow allows code execution. - CVE-2007-4352 array index error in DCTStream::readProgressiveDataUnit leads to memory corruption and possibly arbitrary code execution. Files: 980a894b4b593319f00111cb11ef369d 1430 kde optional koffice_1.6.3-3+lenny1.dsc f4c3a71fbb9c8f345b91d2d3bccb5299 1237374 kde optional koffice_1.6.3-3+lenny1.diff.gz 5b3988f32dfa99f9854f5af674ce3324 17412 kde optional koffice_1.6.3-3+lenny1_all.deb 0f55145a380a67db0b4221db78835649 42674402 doc optional koffice-doc_1.6.3-3+lenny1_all.deb c45209d0604e4e902b8f67e26f782da2 536446 doc optional koffice-doc-html_1.6.3-3+lenny1_all.deb ca1b5ab97a7f2479e51f01b5a5112f7a 689750 graphics optional kivio-data_1.6.3-3+lenny1_all.deb fc8cc406e8f9aaa469f6a31d72e4cbc3 1910508 kde optional kpresenter-data_1.6.3-3+lenny1_all.deb 4fc22627b0d93ef22e100caec119267f 28335656 kde optional krita-data_1.6.3-3+lenny1_all.deb 3a6a15baadab3d6e474cc668aca17a1c 1823580 kde optional kword-data_1.6.3-3+lenny1_all.deb 24580119155c05404716ff1c2e73b52b 746636 libs optional koffice-data_1.6.3-3+lenny1_all.deb 274997badf54c58f30d519e4c718dda9 981116 graphics optional karbon_1.6.3-3+lenny1_i386.deb b735e8db2608489d9edc8ad5818f44bd 1316652 kde optional kchart_1.6.3-3+lenny1_i386.deb d397a8f3fd0acaf66aefdbe2a40e4d04 3616972 kde optional kexi_1.6.3-3+lenny1_i386.deb 27208290031076b07a393bd00d24b743 1028938 kde optional kformula_1.6.3-3+lenny1_i386.deb 0d36be9515a11b7535a70a165d1751d2 559896 graphics optional kivio_1.6.3-3+lenny1_i386.deb 748b00d67ba27edcc7e0a0fec2bc1e2c 185174 kde optional koshell_1.6.3-3+lenny1_i386.deb 3f0197faea4513068cd0b98d8a562f5f 887268 kde optional kplato_1.6.3-3+lenny1_i386.deb 96e19e7158e6407b1da92dec4e478c3f 1245950 kde optional kpresenter_1.6.3-3+lenny1_i386.deb 07f2cd4c73e3b7d28abd5edfd3fcc920 3133588 kde optional krita_1.6.3-3+lenny1_i386.deb 17e0e2ad738d47ff57169f05abc7ac27 2590850 kde optional kspread_1.6.3-3+lenny1_i386.deb c85d138c9bc773ae1d9e353ae91a4bbd 446748 kde optional kugar_1.6.3-3+lenny1_i386.deb e020cfffcf867815d81e05bf6e1f1612 2681010 kde optional kword_1.6.3-3+lenny1_i386.deb 3a1437714eae9e0d16712919caffe2af 320432 kde optional kthesaurus_1.6.3-3+lenny1_i386.deb 2f2150703f08336f69ed2a6fac3d5373 2542152 libs optional koffice-libs_1.6.3-3+lenny1_i386.deb b24b2c4606dae3d0c249eadf5f8c2741 433074 libdevel optional koffice-dev_1.6.3-3+lenny1_i386.deb 34cdab29817456d95710c6937f2a338c 55478952 libdevel extra koffice-dbg_1.6.3-3+lenny1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHPYwDHYflSXNkfP8RAuiwAKCKPOn5gn7aWLzIULyQAY5Y3/C+0gCfVmwM SS85FfZpv1a8DhfR/v/Q05E= =jr3R -----END PGP SIGNATURE-----
--- End Message ---