The advisory should follow next Monday.
Created attachment 70104 kword-3.4.1-rtfimport.diff
Created attachment 70105 kword-1.4.1-r1.ebuild
For those archs who want to check already... alpha and ppc64 don't have KOffice 1.4 marked stable yet, but the patch applies to KOffice 1.3.5 as well.
This is CAN-2005-2971
*** Bug 106898 has been marked as a duplicate of this bug. ***
Thx Carsten, do you have a draft advisory and an updated kword ebuild?
Calling arch security liaisons:
alpha   kloeri
amd64   blubb
ppc     hansmi
ppc64   tgall
sparc   gustavoz
x86     tester
Do NOT commit anything to Portage.
CC'ing cryos since he's our kde-guy ;)
Created attachment 70151 advisory-20051010-1.txt
(In reply to comment #5)
> Thx Carsten, do you have a draft advisory
Sure, it's terse, though.
> and an updated kword ebuild?
Is the one I attached not good enough?
Sorry I meant koffice, if you want that tested too.
Tested kword here. I was able to both save and open rtf files. Is there any test rtf file I should be trying? Otherwise amd64 looks good to go here - all the normal stuff seems to work as always.
Looks good for ppc.
Sune: The code is the same... Marcus: I don't have a test rtf.
PoC RTF @ http://scary.beasts.org/misc/out27.rtf
I don't do kde... Carlo: are you on x86?
Good on alpha.
Adding weeve since he's our KDE man(tm) (and my KDE is b0rked).
1.4.2 released but no apparent mention of this issue. Let's keep this closed until their advisory is out. Note: Good on alpha and ppc so far.
This is now public. Carlo, please commit an updated ebuild and we'll call remaining arches to mark stable.
Fixed ebuilds are already in the tree. Arches please test and mark 1.4.1-r1 or 1.4.2 stable. KDE, please follow normal security release procedures next time.
I committed the fixed ebuilds a few hours ago, sorry. The ebuilds that are ready to be marked stable are app-office/koffice-1.4.1-r1 and app-office/kword-1.4.1-r1. ppc64: I see you don't have koffice/kword-1.4.x marked stable, do you think you can mark it stable right now or do you prefer to have a patched version of koffice/kword-1.3.x too?
I just committed koffice-1.3.5-r3 and kword-1.3.5-r1 for those who don't see KOffice 1.4 stable on their architecture yet.
(In reply to comment #13)
> I don't do kde...
> Carlo: are you on x86?
Yes, marked stable already.
amd64 done.
Alpha done.
And on the 7th day, there was SPARC, and it was good.
Marked ppc stable.
Marked app-office/koffice-1.4.1-r1 and app-office/kword-1.4.1-r1 and supporting deps ppc64 today.
This one is ready for GLSA.
GLSA 200510-12
Note: Both Thierry and I voted for GLSA on this one on IRC.