koffice includes xpdf code and therefore might be vulnerable to CAN-2004-1125. Please see bug 75191 for details and the patch.
koffice contains xpdf 2.00 (patched for earlier integer overflow stuff) and the vulnerability is verified for 3.00 Nevertheless the patch applies cleanly except for the last part (GfxState.cc lines 1054,1060), which is just a slight change in an error message afaict.
KDE security has been notified about this together with the kpdf issue.
upstream has patched versions in CVS
<<< koffice-1.3.5-r1.ebuild <<< files/koffice_1_3_xpdf_buffer_overflow.diff herds: please mark stable. ppc{,64}: if it's necessary to create a new revision for 1.3.4, please do so, the patch should apply as well.
sparc is a go-go.
amd64 done
app-office/koffice-1.3.5-r1 is stable on ppc64. Markus
Stable on alpha.
Already marked ppc stable.
GLSA 200501-17