From ${URL} : A vulnerability was found in the way the catdoc parses certain word documents. A specially crafted file could cause an attempt to access an invalid pointer. This will cause catdoc to crash. Original bug report with reproducer attached: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=810883 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The debian patch has been applied to catdoc-0.95. I cannot reproduce any of the segfaults with that version.
@ Felix, thank you for your contribution! @ Arches, please test and mark stable: =app-text/catdoc-0.95 Targeted stable KEYWORDS: amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Re-designating again. Just a crash with no execution of code. @maintainer(s), please clean the vulnerable version so we can close this.
Please cleanup so we can close this.
cleaned: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ded9a39cd0cdea45db5b5d11d2267b9a38b3d17a
