[libreoffice] 02/07: import ubuntu11

Rene Engelhard rene at moszumanska.debian.org
Thu Jul 27 19:17:15 UTC 2017 

This is an automated email from the git hooks/post-receive script.

rene pushed a commit to tag libreoffice_3.5.7_0ubuntu13
in repository libreoffice.

commit ca8e0a49645ce69179a8efed7415ee939104ff00
Author: Bjoern Michaelsen <bjoern.michaelsen at canonical.com>
Date:   Wed Jul 27 09:48:50 2016 +0200

    import ubuntu11
---
 changelog                       | 11 ++++++++++-
 patches/rtf-use-after-free.diff | 13 +++++++++++++
 patches/series                  |  1 +
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/changelog b/changelog
index 3c87813..2edbf89 100644
--- a/changelog
+++ b/changelog
@@ -1,4 +1,13 @@
-libreoffice (1:3.5.7-0ubuntu10~precise1) precise; urgency=medium
+libreoffice (1:3.5.7-0ubuntu11) precise-security; urgency=low
+
+  * SECURITY UPDATE: Denial of service and possible arbitrary code execution
+    via a crafted RTF file
+    - debian/patches/rtf-use-after-free.diff: Prevent rtf use-after-free
+    - CVE-2016-4324
+
+ -- Bjoern Michaelsen <bjoern.michaelsen at canonical.com>  Fri, 24 Jun 2016 21:56:05 +0200
+
+libreoffice (1:3.5.7-0ubuntu10) precise-security; urgency=medium
 
   * various lwp fixes
 
diff --git a/patches/rtf-use-after-free.diff b/patches/rtf-use-after-free.diff
new file mode 100644
index 0000000..e84308f
--- /dev/null
+++ b/patches/rtf-use-after-free.diff
@@ -0,0 +1,13 @@
+Index: libreoffice-3.5.7/writerfilter/source/rtftok/rtfdocumentimpl.cxx
+===================================================================
+--- libreoffice-3.5.7.orig/writerfilter/source/rtftok/rtfdocumentimpl.cxx	2016-06-25 00:31:33.000000000 +0200
++++ libreoffice-3.5.7/writerfilter/source/rtftok/rtfdocumentimpl.cxx	2016-06-25 02:45:28.997653128 +0200
+@@ -486,6 +486,8 @@
+ 
+ void RTFDocumentImpl::parBreak()
+ {
++    if(m_aStates.empty())
++        return;
+     checkFirstRun();
+     checkNeedPap();
+     // end previous paragraph
diff --git a/patches/series b/patches/series
index 73197b9..2c10ae8 100644
--- a/patches/series
+++ b/patches/series
@@ -73,3 +73,4 @@ lwpfix2.diff
 lwpfix3.diff
 lwpfix4.diff
 lwpfix5.diff
+rtf-use-after-free.diff

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-openoffice/libreoffice.git

More information about the Pkg-openoffice-commits mailing list