
Bug#450631: marked as done (CVE-2007-4352, CVE-2007-5392, CVE-2007-5393 multiple vulnerabilities leading to arbitrary code execution)



Your message dated Sat, 17 Nov 2007 15:02:15 +0000
with message-id <E1ItPBX-00018I-FX@ries.debian.org>
and subject line Bug#450631: fixed in koffice 1:1.6.3-3+lenny1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: koffice
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for xpdf and koffice includes this code.

CVE-2007-4352[0]:
| Array index error in the DCTStream::readProgressiveDataUnit method in
| xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows remote
| attackers to trigger memory corruption and execute arbitrary code via
| a crafted PDF file.

CVE-2007-5392[1]:
| Integer overflow in the DCTStream::reset method in
| xpdf/Stream.cc in Xpdf 3.02 with xpdf-3.02pl1.patch allows
| remote attackers to execute arbitrary code via a crafted PDF
| file, resulting in a heap-based buffer overflow.

CVE-2007-5393[2]:
| Heap-based buffer overflow in the CCITTFaxStream::lookChar
| method in xpdf/Stream.cc in Xpdf 3.02 with
| xpdf-3.02pl1.patch allows remote attackers to execute
| arbitrary code via a PDF file that contains a crafted
| CCITTFaxDecode filter.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4352
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5392
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5393

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
--- Begin Message ---
Source: koffice
Source-Version: 1:1.6.3-3+lenny1

We believe that the bug you reported is fixed in the latest version of
koffice, which is due to be installed in the Debian FTP archive:

karbon_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/karbon_1.6.3-3+lenny1_i386.deb
kchart_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kchart_1.6.3-3+lenny1_i386.deb
kexi_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kexi_1.6.3-3+lenny1_i386.deb
kformula_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kformula_1.6.3-3+lenny1_i386.deb
kivio-data_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/kivio-data_1.6.3-3+lenny1_all.deb
kivio_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kivio_1.6.3-3+lenny1_i386.deb
koffice-data_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/koffice-data_1.6.3-3+lenny1_all.deb
koffice-dbg_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/koffice-dbg_1.6.3-3+lenny1_i386.deb
koffice-dev_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/koffice-dev_1.6.3-3+lenny1_i386.deb
koffice-doc-html_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/koffice-doc-html_1.6.3-3+lenny1_all.deb
koffice-doc_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/koffice-doc_1.6.3-3+lenny1_all.deb
koffice-libs_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/koffice-libs_1.6.3-3+lenny1_i386.deb
koffice_1.6.3-3+lenny1.diff.gz
  to pool/main/k/koffice/koffice_1.6.3-3+lenny1.diff.gz
koffice_1.6.3-3+lenny1.dsc
  to pool/main/k/koffice/koffice_1.6.3-3+lenny1.dsc
koffice_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/koffice_1.6.3-3+lenny1_all.deb
koshell_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/koshell_1.6.3-3+lenny1_i386.deb
kplato_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kplato_1.6.3-3+lenny1_i386.deb
kpresenter-data_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/kpresenter-data_1.6.3-3+lenny1_all.deb
kpresenter_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kpresenter_1.6.3-3+lenny1_i386.deb
krita-data_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/krita-data_1.6.3-3+lenny1_all.deb
krita_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/krita_1.6.3-3+lenny1_i386.deb
kspread_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kspread_1.6.3-3+lenny1_i386.deb
kthesaurus_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kthesaurus_1.6.3-3+lenny1_i386.deb
kugar_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kugar_1.6.3-3+lenny1_i386.deb
kword-data_1.6.3-3+lenny1_all.deb
  to pool/main/k/koffice/kword-data_1.6.3-3+lenny1_all.deb
kword_1.6.3-3+lenny1_i386.deb
  to pool/main/k/koffice/kword_1.6.3-3+lenny1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 450631@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Nico Golde <nion@debian.org> (supplier of updated koffice package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 15 Nov 2007 22:22:08 +0100
Source: koffice
Binary: koffice-data kivio koffice kugar kchart karbon kpresenter koffice-dbg kformula koffice-libs koshell kivio-data kspread kword koffice-doc krita krita-data kexi koffice-dev kword-data kthesaurus koffice-doc-html kplato kpresenter-data
Architecture: source i386 all
Version: 1:1.6.3-3+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description: 
 karbon     - a vector graphics application for the KDE Office Suite
 kchart     - a chart drawing program for the KDE Office Suite
 kexi       - integrated database environment for the KDE Office Suite
 kformula   - a formula editor for the KDE Office Suite
 kivio      - a flowcharting program for the KDE Office Suite
 kivio-data - data files for Kivio flowcharting program
 koffice    - KDE Office Suite
 koffice-data - common shared data for the KDE Office Suite
 koffice-dbg - debugging symbols for koffice
 koffice-dev - common libraries for KOffice (development files)
 koffice-doc - developer documentation for the KDE Office Suite
 koffice-doc-html - KDE Office Suite documentation in HTML format
 koffice-libs - common libraries and binaries for the KDE Office Suite
 koshell    - the KDE Office Suite workspace
 kplato     - an integrated project management and planning tool
 kpresenter - a presentation program for the KDE Office Suite
 kpresenter-data - data files for KPresenter presentation program
 krita      - a pixel-based image manipulation program for the KDE Office Suite
 krita-data - data files for Krita painting program
 kspread    - a spreadsheet for the KDE Office Suite
 kthesaurus - thesaurus for the KDE Office Suite
 kugar      - a business report maker for the KDE Office Suite
 kword      - a word processor for the KDE Office Suite
 kword-data - data files for KWord word processor
Closes: 450631
Changes: 
 koffice (1:1.6.3-3+lenny1) testing-security; urgency=high
 .
    * Non-maintainer upload by testing security team.
    * Included koffice-1.6.3-xpdf2-CVE-2007-4352-5392-5393.diff to address the
      following security issues (Closes: #450631)
      - CVE-2007-5393 buffer overflow in the CCITTFaxStream::lookChar leading
        to arbitrary code execution via a crafted pdf file.
      - CVE-2007-5392 integer overflow in the DCTStream::reset resulting in a
        heap based buffer overflow allows code execution.
      - CVE-2007-4352 array index error in DCTStream::readProgressiveDataUnit
        leads to memory corruption and possibly arbitrary code execution.
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHPYwDHYflSXNkfP8RAuiwAKCKPOn5gn7aWLzIULyQAY5Y3/C+0gCfVmwM
SS85FfZpv1a8DhfR/v/Q05E=
=jr3R
-----END PGP SIGNATURE-----



--- End Message ---
