-
koffice (1:1.6.3-0ubuntu1~feisty1) feisty-backports; urgency=low
* New upstream release
* Build-dep on libexif-dev
* Backport build
-- Jonathan Riddell <email address hidden> Fri, 01 Jun 2007 12:38:57 +0100
-
koffice (1:1.6.2-0ubuntu1.3) feisty-security; urgency=low
* SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
* debian/patches/40_pdf2-embedded-font-fixes.diff: stronger type-checking
added.
* References
CVE-2008-1693
-- Kees Cook <email address hidden> Tue, 15 Apr 2008 14:04:47 -0700
-
koffice (1:1.6.2-0ubuntu1.2) feisty-security; urgency=low
* SECURITY UPDATE: multiple xpdf based vulnerabilities
* Remotely supplied pdf files can be used to disrupt the koffice PDF
import filter on the client machine and possibly execute arbitrary code.
* Add debian/patches/kubuntu_02_xpdf2-CVE-2007-4352-5392-5393.diff
edits filters/kword/pdf/xpdf/xpdf/Stream.cc and .h
* References
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
http://www.kde.org/info/security/advisory-20071107-1.txt
-- Jonathan Riddell <email address hidden> Wed, 07 Nov 2007 20:29:32 +0000
-
koffice (1:1.6.2-0ubuntu1.1) feisty-security; urgency=low
* SECURITY UPDATE: xpdf buffer overflow
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause a stack based buffer overflow
via a PDF file that exploits an integer overflow in
StreamPredictor::StreamPredictor().
* Add kubuntu_01_xpdf-CVE-2007-3387.diff
fixes input data check in kpdf/xpdf/xpdf/Stream.cc
* References
http://www.kde.org/info/security/advisory-20070730-1.txt
CVE-2007-3387
* Add build-dep on libcairo2-dev due to poppler bug
-- Jonathan Riddell <email address hidden> Thu, 02 Aug 2007 17:00:06 +0100
-
koffice (1:1.6.2-0ubuntu1) feisty; urgency=low
* New upstream release
-- Jonathan Riddell <email address hidden> Tue, 13 Feb 2007 11:55:03 +0000
-
koffice (1:1.6.1-0ubuntu3) feisty; urgency=low
* SECURITY UPDATE: kpdf/kword/xpdf denial of service vulnerability
* kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause denial of service (infinite loop)
via a PDF file that contains a crafted catalog dictionary
or a crafted Pages attribute that references an invalid page
tree node.
* Add kubuntu_07_xpdf_vulnerability.diff
* References:
http://www.kde.org/info/security/advisory-20070115-1.txt
CVE-2007-0104
-- Jonathan Riddell <email address hidden> Mon, 15 Jan 2007 19:24:24 +0000
-
koffice (1:1.6.1-0ubuntu2) feisty; urgency=low
* Rebuild for python2.5 as the default python version.
-- Matthias Klose <email address hidden> Sun, 14 Jan 2007 16:26:43 +0000
-
koffice (1:1.6.1-0ubuntu1) feisty; urgency=low
* New upstream release
* Add build-depends on libexif-dev, libpoppler-qt-dev
* Remove 13_krita_fill_tablet.diff, 15_krita_tablet_stylus.diff
and 17_krita_color_range_crash.diff applied upstream
-- Jonathan Riddell <email address hidden> Tue, 21 Nov 2006 13:29:51 +0000
-
koffice (1:1.6.0-3ubuntu1) feisty; urgency=low
* Merge with Debian
-- Jonathan Riddell <email address hidden> Fri, 17 Nov 2006 22:48:27 +0000
-
koffice (1:1.5.2-0ubuntu2) edgy; urgency=low
* Remove build-dep on libpqxx-dev
-- Jonathan Riddell <email address hidden> Tue, 11 Jul 2006 15:30:41 +0000