Change logs for koffice source package in Dapper

  • koffice (1:1.5.0-0ubuntu9.4) dapper-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
      * debian/patches/40_pdf2-embedded-font-fixes.diff: stronger type-checking
        added.
      * References
        CVE-2008-1693
    
     -- Kees Cook <email address hidden>   Tue, 15 Apr 2008 14:04:47 -0700
  • koffice (1:1.5.0-0ubuntu9.3) dapper-security; urgency=low
    
      * SECURITY UPDATE: multiple xpdf based vulnerabilities
      * Remotely supplied pdf files can be used to disrupt the koffice PDF
        import filter on the client machine and possibly execute arbitrary code.
      * Add debian/patches/kubuntu_08_xpdf2-CVE-2007-4352-5392-5393.diff
        edits filters/kword/pdf/xpdf/xpdf/Stream.cc and .h
      * References
        CVE-2007-4352
        CVE-2007-5392
        CVE-2007-5393
        http://www.kde.org/info/security/advisory-20071107-1.txt
    
     -- Jonathan Riddell <email address hidden>   Wed, 07 Nov 2007 20:29:32 +0000
  • koffice (1:1.5.0-0ubuntu9.2) dapper-security; urgency=low
    
      * SECURITY UPDATE: xpdf buffer overflow
        kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        a vulnerability that can cause a stack based buffer overflow
        via a PDF file that exploits an integer overflow in
        StreamPredictor::StreamPredictor().
      * Add kubuntu_01_xpdf-CVE-2007-3387.diff
        fixes input data check in kpdf/xpdf/xpdf/Stream.cc
      * References
        http://www.kde.org/info/security/advisory-20070730-1.txt
        CVE-2007-3387
    
     -- Jonathan Riddell <email address hidden>   Thu, 02 Aug 2007 17:00:06 +0100
  • koffice (1:1.5.0-0ubuntu9.1) dapper-security; urgency=low
    
      * SECURITY UPDATE: kpdf/kword/xpdf denial of service vulnerability
      * kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
        a vulnerability that can cause denial of service (infinite loop)
        via a PDF file that contains a crafted catalog dictionary
        or a crafted Pages attribute that references an invalid page
        tree node.
      * Add kubuntu_07_xpdf_vulnerability.diff
      * References:
        http://www.kde.org/info/security/advisory-20070115-1.txt
        CVE-2007-0104
    
     -- Jonathan Riddell <email address hidden>   Mon, 15 Jan 2007 19:35:23 +0000
  • koffice (1:1.5.0-0ubuntu9) dapper; urgency=low
    
      * SECURITY UPDATE: Potential arbitrary code execution.
      * Add debian/patches/kubuntu_07_xpdf_vulnerability.diff:
        - xpdf/JBIG2Stream.cc, xpdf/Stream.h, splash/SplashXPathScanner.cc: Fix
          various integer overflows.
        - Upstream patch from Derek Noonburg.
      * CVE-2006-1244
    
     -- Jonathan Riddell <email address hidden>   Wed, 24 May 2006 10:43:01 +0100
  • koffice (1:1.5.0-0ubuntu8) dapper; urgency=low
    
      * debian/cdbs/kde.mk:
        - added dh_iconcache.
    
     -- Daniel Holbach <email address hidden>   Sun, 21 May 2006 16:44:35 +0200
  • koffice (1:1.5.0-0ubuntu7) dapper; urgency=low
    
      * Add kubuntu_04_num_locale.patch (backport from 1.5.1) to fix numeric
        values breaking file compatibility with OpenOffice.org (Malone #43887)
      * Add kubuntu_05_kword_skim.patch (backport from 1.5.1) to fix skim
        input method in KWord (Malone #39753)
      * Add kubuntu_06_kword_accent.patch (backport from 1.5.1) to fix accent
        characters in KWord (Malone #41718)
    
     -- Luka Renko <email address hidden>   Wed, 10 May 2006 00:39:21 +0200
  • koffice (1:1.5.0-0ubuntu6) dapper; urgency=low
    
      * Krita conflicts with old koffice-list, closes Malone #41717
    
     -- Jonathan Riddell <email address hidden>   Thu,  4 May 2006 01:17:34 +0100
  • koffice (1:1.5.0-0ubuntu5) dapper; urgency=low
    
      * Add missing .so and .la files from koffice-dev.install
    
     -- Jonathan Riddell <email address hidden>   Sat, 29 Apr 2006 15:05:09 +0100
  • koffice (1:1.5.0-0ubuntu4) dapper; urgency=low
    
      * Remove dependency from koffice on kplato, kplato not yet
        ready for main
      * Add places on koffice-dev for libkexi-dev
    
     -- Jonathan Riddell <email address hidden>   Wed, 26 Apr 2006 10:25:27 +0100
  • koffice (1:1.5.0-0ubuntu3) dapper; urgency=low
    
      * Don't build-dep on Postgres libraries (in universe)
    
     -- Jonathan Riddell <email address hidden>   Fri, 21 Apr 2006 09:49:14 +0000
  • koffice (1:1.5.0-0ubuntu2) dapper; urgency=low
    
      * Ubuntu upload
    
    koffice (1:1.5.0-0ubuntu1.1) dapper; urgency=low
    
      * Security update, add kubuntu_03_xpdf_vulnerability.diff
    
    koffice (1:1.5.0-0ubuntu1) dapper; urgency=low
    
      * New upstream release
    
     -- Jonathan Riddell <email address hidden>   Thu, 20 Apr 2006 21:38:53 +0000
  • koffice (1:1.4.2-3ubuntu11) dapper; urgency=low
    
      * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code.
      * Add debian/patches/kubuntu_03_xpdf_vulnerability.diff:
        - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows.
        - Upstream patch from Derek Noonburg.
      * CVE-2006-1244
    
     -- Jonathan Riddell <email address hidden>   Wed, 12 Apr 2006 12:25:10 +0000
  • koffice (1:1.4.2-3ubuntu10) dapper; urgency=low
    
      * Don't use GCC 3.4 on hppa
    
     -- Jonathan Riddell <email address hidden>   Thu, 16 Feb 2006 12:04:11 +0000
  • koffice (1:1.4.2-3ubuntu9) dapper; urgency=low
    
      * Fix version on krita replaces
    
     -- Jonathan Riddell <email address hidden>  Wed, 25 Jan 2006 19:49:33 +0000
  • koffice (1:1.4.2-3ubuntu8) dapper; urgency=low
    
      * Add replaces on krita for old koffice-libs
    
     -- Jonathan Riddell <email address hidden>  Wed, 25 Jan 2006 17:31:17 +0000
  • koffice (1:1.4.2-3ubuntu7) dapper; urgency=low
    
      * SECURITY UPDATE: Multiple integer/buffer overflows.
      * Update kubuntu_02_xpdf_vulnerability.diff
      * xpdf/Stream.cc, CCITTFaxStream::CCITTFaxStream():
        - Check columns for negative or large values.
        - CVE-2005-3624
      * xpdf/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
        - Reset numComps to 0 since it's a global variable that is used later.
        - CVE-2005-3627
      * xpdf/Stream.cc, DCTStream::readHuffmanTables():
        - Fix out of bounds array access in Huffman tables.
        - CVE-2005-3627
      * xpdf/Stream.cc, DCTStream::readMarker():
        - Check for EOF in while loop to prevent endless loops.
        - CVE-2005-3625
      * xpdf/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(),
        JBIG2Stream::readHalftoneRegionSeg():
        - Check user supplied width and height against invalid values.
        - Allocate one extra byte to prevent out of bounds access in combine().
        - CVE-2005-3628
      * References:
          CVE-2005-3626
          CESA-2005-003
          http://www.kde.org/info/security/advisory-20051207-2.txt
    
     -- Jonathan Riddell <email address hidden>  Fri,  6 Jan 2006 21:59:30 +0000
  • koffice (1:1.4.2-3ubuntu6) dapper; urgency=low
    
      * Fix paths in kthesatusus.install
    
     -- Jonathan Riddell <email address hidden>  Fri,  6 Jan 2006 14:42:35 +0000
  • koffice (1:1.4.2-3ubuntu5) dapper; urgency=low
    
      * Add kthesaurus entry to debian/control
    
     -- Jonathan Riddell <email address hidden>  Thu,  5 Jan 2006 23:42:33 +0000
  • koffice (1:1.4.2-3ubuntu4) dapper; urgency=low
    
      * Add rule to edit krita.desktop to not appear in Office menu
    
     -- Jonathan Riddell <email address hidden>  Thu, 15 Dec 2005 15:49:15 +0000