rev 7248 - in trunk/packages/koffice/debian: . patches

Wed Sep 26 21:57:56 UTC 2007

Author: ana
Date: 2007-09-26 21:57:56 +0000 (Wed, 26 Sep 2007)
New Revision: 7248

Added:
   trunk/packages/koffice/debian/patches/31_kpdf-CVE-2007-504.diff
Modified:
   trunk/packages/koffice/debian/changelog
   trunk/packages/koffice/debian/karbon.menu
   trunk/packages/koffice/debian/kchart.menu
   trunk/packages/koffice/debian/kformula.menu
   trunk/packages/koffice/debian/kivio.menu
   trunk/packages/koffice/debian/koshell.menu
   trunk/packages/koffice/debian/kpresenter.menu
   trunk/packages/koffice/debian/krita.menu
   trunk/packages/koffice/debian/kspread.menu
   trunk/packages/koffice/debian/kthesaurus.menu
   trunk/packages/koffice/debian/kugar.menu
   trunk/packages/koffice/debian/kword.menu
Log:
 * Patch for stack-based buffer overflow in the StreamPredictor::getNextLine
   function in xpd that might allow remote attackers to execute arbitrary
   code via a crafted PDF file. CVE-2007-504. (Closes: #444014)

 * Update section in Debian menu files.



Modified: trunk/packages/koffice/debian/changelog
===================================================================

--- trunk/packages/koffice/debian/changelog	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/changelog	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,3 +1,13 @@
+koffice (1:1.6.3-3) unstable; urgency=high
+
+  * Patch for stack-based buffer overflow in the StreamPredictor::getNextLine
+    function in xpd that might allow remote attackers to execute arbitrary code
+    via a crafted PDF file. CVE-2007-504. (Closes: #444014)
+
+  * Update section in Debian menu files. 
+
+ -- Ana Beatriz Guerrero Lopez <ana at debian.org>  Wed, 26 Sep 2007 23:29:24 +0200
+
 koffice (1:1.6.3-2) unstable; urgency=high
 
   * Implement uploaders.mk and update control.

Modified: trunk/packages/koffice/debian/karbon.menu
===================================================================
--- trunk/packages/koffice/debian/karbon.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/karbon.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(karbon):\
 	needs="x11"\
-	section="Apps/Graphics"\
+	section="Applications/Graphics"\
 	hints="KDE,Vector"\
 	title="Karbon"\
 	longtitle="Karbon (Scalable Graphics)"\

Modified: trunk/packages/koffice/debian/kchart.menu
===================================================================
--- trunk/packages/koffice/debian/kchart.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kchart.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kchart):\
 	needs="x11"\
-	section="Apps/Math"\
+	section="Applications/Office"\
 	hints="KDE,Graphs"\
 	title="KChart"\
 	longtitle="KChart (Charting)"\

Modified: trunk/packages/koffice/debian/kformula.menu
===================================================================
--- trunk/packages/koffice/debian/kformula.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kformula.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kformula):\
 	needs="x11"\
-	section="Apps/Math"\
+	section="Applications/Science/Mathematics"\
 	hints="KDE"\
 	title="KFormula"\
 	longtitle="KFormula (Formula Editor)"\

Modified: trunk/packages/koffice/debian/kivio.menu
===================================================================
--- trunk/packages/koffice/debian/kivio.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kivio.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kivio):\
 	needs="x11"\
-	section="Apps/Tools"\
+	section="Applications/Graphics"\
 	hints="KDE,Vector"\
 	title="Kivio"\
 	longtitle="Kivio (Flowchart and Diagram Editing)"\

Modified: trunk/packages/koffice/debian/koshell.menu
===================================================================
--- trunk/packages/koffice/debian/koshell.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/koshell.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(koshell):\
 	needs="x11"\
-	section="Apps/Tools"\
+	section="Applications/Office"\
 	hints="KDE"\
 	title="KOffice Workspace"\
 	longtitle="KOffice Workspace (Office Suite)"\

Modified: trunk/packages/koffice/debian/kpresenter.menu
===================================================================
--- trunk/packages/koffice/debian/kpresenter.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kpresenter.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kpresenter):\
 	needs="x11"\
-	section="Apps/Tools"\
+	section="Applications/Office"\
 	hints="KDE,Presentation"\
 	title="KPresenter"\
 	longtitle="KPresenter (Slide Presentations)"\

Modified: trunk/packages/koffice/debian/krita.menu
===================================================================
--- trunk/packages/koffice/debian/krita.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/krita.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(krita):\
 	needs="x11"\
-	section="Apps/Graphics"\
+	section="Applications/Graphics"\
 	hints="KDE,Bitmap"\
 	title="Krita"\
 	longtitle="Krita (Image Manipulation)"\

Modified: trunk/packages/koffice/debian/kspread.menu
===================================================================
--- trunk/packages/koffice/debian/kspread.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kspread.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kspread):\
 	needs="x11"\
-	section="Apps/Math"\
+	section="Applications/Office"\
 	hints="KDE,Spreadsheets"\
 	title="KSpread"\
 	longtitle="KSpread (Spreadsheets)"\

Modified: trunk/packages/koffice/debian/kthesaurus.menu
===================================================================
--- trunk/packages/koffice/debian/kthesaurus.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kthesaurus.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kthesaurus):\
 	needs="x11"\
-	section="Apps/Tools"\
+	section="Applications/Office"\
 	hints="KDE"\
 	title="KThesaurus"\
 	longtitle="KThesaurus (Related Words)"\

Modified: trunk/packages/koffice/debian/kugar.menu
===================================================================
--- trunk/packages/koffice/debian/kugar.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kugar.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kugar):\
 	needs="x11"\
-	section="Apps/Tools"\
+	section="Applications/Office"\
 	hints="KDE"\
 	title="Kugar"\
 	longtitle="Kugar (Report Generator)"\
@@ -9,7 +9,7 @@
 
 ?package(kugar):\
 	needs="x11"\
-	section="Apps/Tools"\
+	section="Applications/Office"\
 	hints="KDE"\
 	title="Kugar Designer"\
 	longtitle="Kugar Designer (Report Template Designer)"\

Modified: trunk/packages/koffice/debian/kword.menu
===================================================================
--- trunk/packages/koffice/debian/kword.menu	2007-09-26 21:31:50 UTC (rev 7247)
+++ trunk/packages/koffice/debian/kword.menu	2007-09-26 21:57:56 UTC (rev 7248)
@@ -1,6 +1,6 @@
 ?package(kword):\
 	needs="x11"\
-	section="Apps/Editors"\
+	section="Applications/Editors"\
 	hints="KDE,Word processors"\
 	title="KWord"\
 	longtitle="KWord (Word Processing)"\

Added: trunk/packages/koffice/debian/patches/31_kpdf-CVE-2007-504.diff
===================================================================
--- trunk/packages/koffice/debian/patches/31_kpdf-CVE-2007-504.diff	                        (rev 0)
+++ trunk/packages/koffice/debian/patches/31_kpdf-CVE-2007-504.diff	2007-09-26 21:57:56 UTC (rev 7248)
@@ -0,0 +1,25 @@
+--- filters/kword/pdf/xpdf/xpdf/Stream.cc.patchedA	2007-09-26 23:43:46.000000000 +0200
++++ filters/kword/pdf/xpdf/xpdf/Stream.cc	2007-09-26 23:53:09.000000000 +0200
+@@ -414,16 +414,14 @@
+   ok = gFalse;
+ 
+   nVals = width * nComps;
+-  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
+-     nComps >= 4 || nBits > 16 ||
+-      width >= INT_MAX / nComps ||
+-      nVals >= (INT_MAX - 7) / nBits)
+-    return;
+-
+   pixBytes = (nComps * nBits + 7) >> 3;
+   rowBytes = ((nVals * nBits + 7) >> 3) + pixBytes;
+-  if (rowBytes < 0)
+-    return;
++  if (width <= 0 || nComps <= 0 || nBits <= 0 ||
++     nComps > gfxColorMaxComps ||
++     nBits > 16 ||
++     width >= INT_MAX / nComps ||      // check for overflow in nVals 
++     nVals >= (INT_MAX - 7) / nBits) { // check for overflow in rowBytes
++   return;
+ 
+   predLine = (Guchar *)gmalloc(rowBytes);
+   memset(predLine, 0, rowBytes);


