Bug#876001: marked as done (libwpd: CVE-2017-14226)
Your message dated Sun, 17 Sep 2017 09:50:14 +0000
with message-id <E1dtWDO-0005fc-HV@fasolo.debian.org>
and subject line Bug#876001: fixed in libwpd 0.10.2-1
has caused the Debian Bug report #876001,
regarding libwpd: CVE-2017-14226
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
876001: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876001
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: libwpd
Version: 0.10.1-5
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/libwpd/tickets/14/
Hi,
the following vulnerability was published for libwpd.
CVE-2017-14226[0]:
| WP1StylesListener.cpp, WP5StylesListener.cpp, and
| WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which
| allows remote attackers to cause a denial of service (heap-based buffer
| over-read in the WPXTableList class in WPXTable.cpp). This
| vulnerability can be triggered in LibreOffice before 5.3.7. It may lead
| to suffering a remote attack against a LibreOffice application.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2017-14226
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14226
[1] https://sourceforge.net/p/libwpd/tickets/14/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1489337
[3] https://cgit.freedesktop.org/libreoffice/core/commit/?id=dd89afa6ee8166b69e7a1e86f22616ca8fc122c9
[4] https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
[5] https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
[6] https://bugs.documentfoundation.org/show_bug.cgi?id=112269
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libwpd
Source-Version: 0.10.2-1
We believe that the bug you reported is fixed in the latest version of
libwpd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 876001@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Rene Engelhard <rene@debian.org> (supplier of updated libwpd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 17 Sep 2017 11:31:28 +0200
Source: libwpd
Binary: libwpd-dev libwpd-0.10-10 libwpd-tools libwpd-doc
Architecture: source
Version: 0.10.2-1
Distribution: unstable
Urgency: medium
Maintainer: Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
Changed-By: Rene Engelhard <rene@debian.org>
Description:
libwpd-0.10-10 - Library for handling WordPerfect documents (shared library)
libwpd-dev - Library for handling WordPerfect documents (development)
libwpd-doc - Library for handling WordPerfect documents (documentation)
libwpd-tools - Tools from libwpd for converting WordPerfect to HTML/RAW/Text
Closes: 876001
Changes:
libwpd (0.10.2-1) unstable; urgency=medium
.
* New upstream version 0.10.2
- fixes CVE-2017-14226 (closes: #876001)
Checksums-Sha1:
898c4e10fc594cf858c68e17e1a89d2387d7b7cf 2038 libwpd_0.10.2-1.dsc
a6ea89f82c44df889cc5718608c4bfd6740eeb34 674231 libwpd_0.10.2.orig.tar.bz2
a95d6c47cbf4880662cfba1c5fa04c4024493754 11424 libwpd_0.10.2-1.debian.tar.xz
f4ba3b30cea80c2c9314f6c2124d3f335abff56f 5246 libwpd_0.10.2-1_source.buildinfo
Checksums-Sha256:
07c8c0539871f3f915341e793326cf3289ebd3e2848e8996dd21d00df26001bf 2038 libwpd_0.10.2-1.dsc
8859deb6df292c82c7657b7ecbb6f3ef65da252df9d265b755f06bec77add52c 674231 libwpd_0.10.2.orig.tar.bz2
46fcf7006451f7b002734e8092cd93a8c4d4f56760244d70553cc8bfae0fa86d 11424 libwpd_0.10.2-1.debian.tar.xz
0778f4cf99506189de904650be5ea71d4b1efa95c209999938700fda66481e78 5246 libwpd_0.10.2-1_source.buildinfo
Files:
dd03066e70e47a94a015030a887a43e8 2038 devel optional libwpd_0.10.2-1.dsc
c70d93efa6819b11310ccc5ec8e3821c 674231 devel optional libwpd_0.10.2.orig.tar.bz2
473c907fd94e7f436f662082e06ff66f 11424 devel optional libwpd_0.10.2-1.debian.tar.xz
f4e11b2b9e2bffeb6d28de7c85dbd53b 5246 devel optional libwpd_0.10.2-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAlm+QiYACgkQCqBFcdA+
PnBx4Q//aL+tP7wOxRGy4ao253QHydxKV+X8iELIHVpAe3Lwg4Ln4s8Tzl6CMKvX
5oATDyzhpKymFnD3jRJnJCUsVPyqQDVgUPgJcyorok7atzADzs2RJBoSvZODylQz
hV4t3msOTTR7PX8jRP9vjjYWzYKWLU6ZU4WQT4jBQkTGj/k3DB/6Whd598gI+X+I
7saf27OCnrMnBYVSaSMIx43YsPrzx4pSsZAYCuL6dfI0JEYm3MEl+djgsk3rP8/A
0rbjdlPoJ54q5ofzIUt7tkWuXrW5tf+VoliEQHvON2f2mQ/Esg5SVhhZSNTIH2RM
j5WSNgqMRl/P7hM+gh3LIetQ42TmG5k59/VsLbBChRvOaCM6eOQ+r/417UQXavbC
KkS4uBB9TXLwFnLAObh1Sx+2bnysznIg9RLEatpTbPHTF4QxtqxR/Na4+VCZg3xz
EHOnCJIdvakXKPlH1bzjl1B2eNZ2e3x7XN7R38syOqEpqpPf72IZ4xp+2gcMGtiq
bThVuag5Mn4tEP0pBGnAtrOH9lLT8znsYitI/izbfrKUlbLT889t+6goGdlil4Lm
ChvOnEr0g/ca2K2sDcaahRAF+yC1KUUNO43HXEh4CEch8T1y74UZnZi6YPWCVI9P
CgKEEN2vRHGbzKqEi24OAHwBScuvZCLeH74nMGLcnyc+QABLH7Q=
=rJWo
-----END PGP SIGNATURE-----
--- End Message ---
Reply to: