lp:ubuntu/dapper-security/koffice
- Get this branch:
- bzr branch lp:ubuntu/dapper-security/koffice
Branch merges
Branch information
Recent revisions
- 23. By Kees Cook
-
* SECURITY UPDATE: arbitrary code execution via malicious embedded fonts.
* debian/patches/ 40_pdf2- embedded- font-fixes. diff: stronger type-checking
added.
* References
CVE-2008-1693 - 22. By Jonathan Riddell
-
* SECURITY UPDATE: multiple xpdf based vulnerabilities
* Remotely supplied pdf files can be used to disrupt the koffice PDF
import filter on the client machine and possibly execute arbitrary code.
* Add debian/patches/ kubuntu_ 08_xpdf2- CVE-2007- 4352-5392- 5393.diff
edits filters/kword/pdf/ xpdf/xpdf/ Stream. cc and .h
* References
CVE-2007-4352
CVE-2007-5392
CVE-2007-5393
http://www.kde. org/info/ security/ advisory- 20071107- 1.txt - 21. By Jonathan Riddell
-
* SECURITY UPDATE: xpdf buffer overflow
kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause a stack based buffer overflow
via a PDF file that exploits an integer overflow in
StreamPredictor::StreamPredi ctor().
* Add kubuntu_01_xpdf- CVE-2007- 3387.diff
fixes input data check in kpdf/xpdf/xpdf/Stream. cc
* References
http://www.kde. org/info/ security/ advisory- 20070730- 1.txt
CVE-2007-3387 - 20. By Jonathan Riddell
-
* SECURITY UPDATE: kpdf/kword/xpdf denial of service vulnerability
* kpdf, the KDE pdf viewer, shares code with xpdf. xpdf contains
a vulnerability that can cause denial of service (infinite loop)
via a PDF file that contains a crafted catalog dictionary
or a crafted Pages attribute that references an invalid page
tree node.
* Add kubuntu_07_xpdf_ vulnerability. diff
* References:
http://www.kde. org/info/ security/ advisory- 20070115- 1.txt
CVE-2007-0104 - 19. By Jonathan Riddell
-
* SECURITY UPDATE: Potential arbitrary code execution.
* Add debian/patches/ kubuntu_ 07_xpdf_ vulnerability. diff:
- xpdf/JBIG2Stream.cc, xpdf/Stream.h, splash/ SplashXPathScan ner.cc: Fix
various integer overflows.
- Upstream patch from Derek Noonburg.
* CVE-2006-1244 - 17. By Luka Renko
-
* Add kubuntu_
04_num_ locale. patch (backport from 1.5.1) to fix numeric
values breaking file compatibility with OpenOffice.org (Malone #43887)
* Add kubuntu_05_kword_ skim.patch (backport from 1.5.1) to fix skim
input method in KWord (Malone #39753)
* Add kubuntu_06_kword_ accent. patch (backport from 1.5.1) to fix accent
characters in KWord (Malone #41718) - 14. By Jonathan Riddell
-
* Remove dependency from koffice on kplato, kplato not yet
ready for main
* Add places on koffice-dev for libkexi-dev
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/koffice