-
koffice (1:1.5.2-0ubuntu2.4) edgy-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
* debian/patches/40_pdf2-embedded-font-fixes.diff: stronger type-checking
added.
* References
CVE-2008-1693
-- Kees Cook <email address hidden> Tue, 15 Apr 2008 14:04:47 -0700
-
koffice (1:1.5.2-0ubuntu2.3) edgy-security; urgency=low
* SECURITY UPDATE: multiple xpdf based vulnerabilities
* Remotely supplied pdf files can be used to disrupt the koffice PDF
import filter on the client machine and possibly execute arbitrary code.
* Add debian/patches/kubuntu_08_xpdf2-CVE-2007-4352-5392-5393.diff
edits filters/kword/pdf/xpdf/xpdf/Stream.cc and .h
* References
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
http://www.kde.org/info/security/advisory-20071107-1.txt
-- Jonathan Riddell <email address hidden> Wed, 07 Nov 2007 20:29:32 +0000
-
koffice (1:1.5.2-0ubuntu2.2) edgy-security; urgency=low
* SECURITY UPDATE: xpdf buffer overflow
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause a stack based buffer overflow
via a PDF file that exploits an integer overflow in
StreamPredictor::StreamPredictor().
* Add kubuntu_01_xpdf-CVE-2007-3387.diff
fixes input data check in kpdf/xpdf/xpdf/Stream.cc
* References
http://www.kde.org/info/security/advisory-20070730-1.txt
CVE-2007-3387
-- Jonathan Riddell <email address hidden> Thu, 02 Aug 2007 17:00:06 +0100
-
koffice (1:1.5.2-0ubuntu2.1) edgy-security; urgency=low
* SECURITY UPDATE: kpdf/kword/xpdf denial of service vulnerability
* kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause denial of service (infinite loop)
via a PDF file that contains a crafted catalog dictionary
or a crafted Pages attribute that references an invalid page
tree node.
* Add kubuntu_07_xpdf_vulnerability.diff
* References:
http://www.kde.org/info/security/advisory-20070115-1.txt
CVE-2007-0104
-- Jonathan Riddell <email address hidden> Mon, 15 Jan 2007 19:34:32 +0000
-
koffice (1:1.5.2-0ubuntu2) edgy; urgency=low
* Remove build-dep on libpqxx-dev
-- Jonathan Riddell <email address hidden> Tue, 11 Jul 2006 15:30:41 +0000
-
koffice (1:1.5.2-0ubuntu1) edgy; urgency=low
* New upstream release
-- Jonathan Riddell <email address hidden> Mon, 10 Jul 2006 16:50:05 +0000
-
koffice (1:1.5.1-1ubuntu1) edgy; urgency=low
* Sync with Debian
* Add debian/patches/common/kubuntu_01_kdepot.diff
koffice (1:1.5.1-1) unstable; urgency=low
* New upstream release
* Bumped Standard-Version to 3.7.2, no changes required
* Build-Depend on libexif-dev (>= 0.6.13)
* Tighten apps dependency on koffice-libs (<< ${KDE-Next-Version3}),
closes: #366298
* Add three patches from usptream SVN, including one to not include
KDXMLTools.h from public headers, which closes: #330470
koffice (1:1.5.0-1) unstable; urgency=low
* New upstream release
koffice (1:1.4.99-1) unstable; urgency=low
* New upstream release candidate
-- Jonathan Riddell <email address hidden> Thu, 6 Jul 2006 13:19:53 +0000
-
koffice (1:1.5.0-0ubuntu9) dapper; urgency=low
* SECURITY UPDATE: Potential arbitrary code execution.
* Add debian/patches/kubuntu_07_xpdf_vulnerability.diff:
- xpdf/JBIG2Stream.cc, xpdf/Stream.h, splash/SplashXPathScanner.cc: Fix
various integer overflows.
- Upstream patch from Derek Noonburg.
* CVE-2006-1244
-- Jonathan Riddell <email address hidden> Wed, 24 May 2006 10:43:01 +0100