From https://bugzilla.redhat.com/show_bug.cgi?id=872390 : A Debian bug report [1] noted that there is a buffer overflow in catdoc's src/xlsparse.c, which contains: for (i=0;i<NUMOFDATEFORMATS; i++); FormatIdxUsed[i]=0; Because of the ";" at the end of the first line, it effectively sets i to NUMOFDATEFORMATS, which will cause it to write past defined buffer. This could lead to a denial of service (crash of catdoc). The Debian bug report indicates that this could possibly be used for worse things than a crash, but I'm not sure (I can see it writing past the end of the buffer, but all it is writing is 0's and not anything user-defined). [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692076
Seems this package has gotten a new home compared to the HOMEPAGE in our ebuilds. The issue is fixed in 0.94.4 according to http://metadata.ftp-master.debian.org/changelogs/main/c/catdoc/unstable_changelog The package is available at https://launchpad.net/ubuntu/+source/catdoc/0.94.4-1.1 , specifically https://launchpad.net/ubuntu/+archive/primary/+files/catdoc_0.94.4.orig.tar.gz
*catdoc-0.94.4 (11 Sep 2014) 11 Sep 2014; Tim Harder <radhermit@gentoo.org> +catdoc-0.94.4.ebuild, +files/catdoc-0.94.4-desktop.patch, +files/catdoc-0.94.4-destdir.patch: Security bump (bug #440942). Arches, please stabilize: =app-text/catdoc-0.94.4 Stable targets: amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
(In reply to Agostino Sarubbo from comment #4) > x86 stable. > > Maintainer(s), please cleanup. > Security, please vote. Arches, thank you for your work. GLSA Vote: No
GLSA vote: no. Maintainers, please clean up affected versions.
Maintainer(s): Ping on cleanup!
Arches and Maintainer(s), Thank you for your work. No GLSA - Closing Bug as Resolved
