Your message dated Thu, 27 Sep 2007 09:17:45 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#444014: fixed in koffice 1:1.6.3-3
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: koffice
Severity: grave
Tags: security
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for poppler.
CVE-2007-5049[0]:
| Stack-based buffer overflow in the StreamPredictor::getNextLine
| function in xpdf, as used in (1) poppler before 0.5.91, (2) gpdf, (3)
| kpdf, (4) kdegraphics, (5) CUPS, and other products, might allow
| remote attackers to execute arbitrary code via a crafted PDF file, a
| different vulnerability than CVE-2007-3387.
If you fix this vulnerability please also include the CVE id
in your changelog entry.
You can find a patch on:
ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch
For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5049
Cheers
Steffen
--- End Message ---
--- Begin Message ---
Source: koffice
Source-Version: 1:1.6.3-3
We believe that the bug you reported is fixed in the latest version of
koffice, which is due to be installed in the Debian FTP archive:
karbon_1.6.3-3_amd64.deb
to pool/main/k/koffice/karbon_1.6.3-3_amd64.deb
kchart_1.6.3-3_amd64.deb
to pool/main/k/koffice/kchart_1.6.3-3_amd64.deb
kexi_1.6.3-3_amd64.deb
to pool/main/k/koffice/kexi_1.6.3-3_amd64.deb
kformula_1.6.3-3_amd64.deb
to pool/main/k/koffice/kformula_1.6.3-3_amd64.deb
kivio-data_1.6.3-3_all.deb
to pool/main/k/koffice/kivio-data_1.6.3-3_all.deb
kivio_1.6.3-3_amd64.deb
to pool/main/k/koffice/kivio_1.6.3-3_amd64.deb
koffice-data_1.6.3-3_all.deb
to pool/main/k/koffice/koffice-data_1.6.3-3_all.deb
koffice-dbg_1.6.3-3_amd64.deb
to pool/main/k/koffice/koffice-dbg_1.6.3-3_amd64.deb
koffice-dev_1.6.3-3_amd64.deb
to pool/main/k/koffice/koffice-dev_1.6.3-3_amd64.deb
koffice-doc-html_1.6.3-3_all.deb
to pool/main/k/koffice/koffice-doc-html_1.6.3-3_all.deb
koffice-doc_1.6.3-3_all.deb
to pool/main/k/koffice/koffice-doc_1.6.3-3_all.deb
koffice-libs_1.6.3-3_amd64.deb
to pool/main/k/koffice/koffice-libs_1.6.3-3_amd64.deb
koffice_1.6.3-3.diff.gz
to pool/main/k/koffice/koffice_1.6.3-3.diff.gz
koffice_1.6.3-3.dsc
to pool/main/k/koffice/koffice_1.6.3-3.dsc
koffice_1.6.3-3_all.deb
to pool/main/k/koffice/koffice_1.6.3-3_all.deb
koshell_1.6.3-3_amd64.deb
to pool/main/k/koffice/koshell_1.6.3-3_amd64.deb
kplato_1.6.3-3_amd64.deb
to pool/main/k/koffice/kplato_1.6.3-3_amd64.deb
kpresenter-data_1.6.3-3_all.deb
to pool/main/k/koffice/kpresenter-data_1.6.3-3_all.deb
kpresenter_1.6.3-3_amd64.deb
to pool/main/k/koffice/kpresenter_1.6.3-3_amd64.deb
krita-data_1.6.3-3_all.deb
to pool/main/k/koffice/krita-data_1.6.3-3_all.deb
krita_1.6.3-3_amd64.deb
to pool/main/k/koffice/krita_1.6.3-3_amd64.deb
kspread_1.6.3-3_amd64.deb
to pool/main/k/koffice/kspread_1.6.3-3_amd64.deb
kthesaurus_1.6.3-3_amd64.deb
to pool/main/k/koffice/kthesaurus_1.6.3-3_amd64.deb
kugar_1.6.3-3_amd64.deb
to pool/main/k/koffice/kugar_1.6.3-3_amd64.deb
kword-data_1.6.3-3_all.deb
to pool/main/k/koffice/kword-data_1.6.3-3_all.deb
kword_1.6.3-3_amd64.deb
to pool/main/k/koffice/kword_1.6.3-3_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ana Beatriz Guerrero Lopez <[EMAIL PROTECTED]> (supplier of updated koffice
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 26 Sep 2007 23:29:24 +0200
Source: koffice
Binary: koffice-data kivio koffice kugar kchart karbon kpresenter koffice-dbg
kformula koffice-libs koshell kivio-data kspread kword koffice-doc krita
krita-data kexi koffice-dev kword-data kthesaurus koffice-doc-html kplato
kpresenter-data
Architecture: source amd64 all
Version: 1:1.6.3-3
Distribution: unstable
Urgency: high
Maintainer: Debian Qt/KDE Maintainers <[EMAIL PROTECTED]>
Changed-By: Ana Beatriz Guerrero Lopez <[EMAIL PROTECTED]>
Description:
karbon - a vector graphics application for the KDE Office Suite
kchart - a chart drawing program for the KDE Office Suite
kexi - integrated database environment for the KDE Office Suite
kformula - a formula editor for the KDE Office Suite
kivio - a flowcharting program for the KDE Office Suite
kivio-data - data files for Kivio flowcharting program
koffice - KDE Office Suite
koffice-data - common shared data for the KDE Office Suite
koffice-dbg - debugging symbols for koffice
koffice-dev - common libraries for KOffice (development files)
koffice-doc - developer documentation for the KDE Office Suite
koffice-doc-html - KDE Office Suite documentation in HTML format
koffice-libs - common libraries and binaries for the KDE Office Suite
koshell - the KDE Office Suite workspace
kplato - an integrated project management and planning tool
kpresenter - a presentation program for the KDE Office Suite
kpresenter-data - data files for KPresenter presentation program
krita - a pixel-based image manipulation program for the KDE Office Suite
krita-data - data files for Krita painting program
kspread - a spreadsheet for the KDE Office Suite
kthesaurus - thesaurus for the KDE Office Suite
kugar - a business report maker for the KDE Office Suite
kword - a word processor for the KDE Office Suite
kword-data - data files for KWord word processor
Closes: 443673 444014
Changes:
koffice (1:1.6.3-3) unstable; urgency=high
.
* Patch for stack-based buffer overflow in the StreamPredictor::getNextLine
function in xpdf that might allow remote attackers to execute arbitrary code
via a crafted PDF file. CVE-2007-504. (Closes: #444014)
* Update section in Debian menu files.
* Install kexi example /usr/share/apps/kexi/examples/Simple_Database.kexi
* Install libkrita*.{la,so} files to allow building external plugins.
(Closes: #443673)
* Add not-installed.list file to keep track of not installed files.
* Add a missing dependency on kcontrol to kformula, in order to provide the
fonts kioslave. Thanks to Eike Hein for reporting.
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Signed by Ana Guerrero
iD8DBQFG+1BWn3j4POjENGERApSHAJ4m/9mvc4tsU7msJngBO5QDO1tabwCdHw2+
Q4tMItKlFEI6IX3wt9/c6DY=
=rv8G
-----END PGP SIGNATURE-----
--- End Message ---