lp:ubuntu/hoary-security/koffice
- Get this branch:
- bzr branch lp:ubuntu/hoary-security/koffice
Recent revisions
- 7. By Jonathan Riddell
  * SECURITY UPDATE: Multiple integer/buffer overflows in embedded xpdf code.
  * Add debian/patches/kubuntu_03_xpdf_vulnerability.diff:
    - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows.
    - Upstream patch from Derek Noonburg.
  * CVE-2006-1244
- 6. By Jonathan Riddell
  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * Update kubuntu_02_xpdf_vulnerability.diff
  * xpdf/Stream.cc, CCITTFaxStream::CCITTFaxStream():
    - Check columns for negative or large values.
    - CVE-2005-3624
  * xpdf/Stream.cc, numComps checks introduced in CVE-2005-3191 patch:
    - Reset numComps to 0 since it's a global variable that is used later.
    - CVE-2005-3627
  * xpdf/Stream.cc, DCTStream::readHuffmanTables():
    - Fix out of bounds array access in Huffman tables.
    - CVE-2005-3627
  * xpdf/Stream.cc, DCTStream::readMarker():
    - Check for EOF in while loop to prevent endless loops.
    - CVE-2005-3625
  * xpdf/JBIG2Stream.cc, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(),
    JBIG2Stream::readHalftoneRegionSeg():
    - Check user supplied width and height against invalid values.
    - Allocate one extra byte to prevent out of bounds access in combine().
    - CVE-2005-3628
  * References:
    CVE-2005-3626
    CESA-2005-003
    http://www.kde.org/info/security/advisory-20051207-2.txt
- 5. By Jonathan Riddell
  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * Add kubuntu_02_xpdf_vulnerability.diff
  * xpdf/Stream.cc, DCTStream::readBaselineSOF(),
    DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
    - Check numComps for invalid values.
    - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
    - CVE-2005-3191
  * xpdf/Stream.cc, StreamPredictor::StreamPredictor():
    - Check rowBytes for invalid values.
    - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
    - CVE-2005-3192
  * xpdf sources do not contain JPXStream.cc, and are thus
    not vulnerable against CVE-2005-3193
- 4. By Jonathan Riddell
  * Initial Ubuntu release
  * SECURITY UPDATE: second kpdf Buffer Overflow Vulnerability
  * added patch 02_xpdf_security_integer_overflow_2.diff from upstream
    which fixes the Vulnerability
  * References:
    http://www.kde.org/info/security/advisory-20041223-1.txt
    http://www.koffice.org/security/2004_xpdf_integer_overflow_2.php
    CAN-2004-1125
  * SECURITY UPDATE: third kpdf Buffer Overflow Vulnerability
  * added patch 03_xpdf_security_integer_overflow_3.diff from upstream
    which fixes the Vulnerability
  * References:
    http://www.kde.org/info/security/advisory-20050119-1.txt
    http://www.koffice.org/security/advisory-20050120-1.txt
    CAN-2005-0064
- 3. By Ben Burton
  * New upstream bugfix release.
  * Built against newer imagemagick (closes: #246623).
  * Made koffice-libs/kformula recommend/depend on latex-xft-fonts, which
    provides mathematical fonts that the formula editor can use. Also
    patched the kformula part to make these fonts the default.
  * Changed kword menu hint from "WordProcessors" to "Word processors"
    (closes: #246209).
  * Spellchecker configuration is now fixed (closes: #221256, #227568).
- 2. By Ben Burton
  * Fixed documentation conflicts (closes: Bug#140688).
  * Demo files are all once zipped with no .gz extension (closes: Bug#136288).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/koffice