diff options
-rw-r--r-- | user/catdoc/APKBUILD | 12 | ||||
-rw-r--r-- | user/catdoc/CVE-2017-11110.patch | 32 |
2 files changed, 41 insertions, 3 deletions
diff --git a/user/catdoc/APKBUILD b/user/catdoc/APKBUILD index 2b6bc7d3d..4296c8167 100644 --- a/user/catdoc/APKBUILD +++ b/user/catdoc/APKBUILD @@ -2,7 +2,7 @@ # Maintainer: A. Wilcox <awilfox@adelielinux.org> pkgname=catdoc pkgver=0.95 -pkgrel=1 +pkgrel=2 pkgdesc="Read information and data from Microsoft Office documents" url="http://www.wagner.pp.ru/~vitus/software/catdoc/" arch="all" @@ -11,7 +11,12 @@ license="GPL-2.0-only" depends="" makedepends="" subpackages="$pkgname-doc" -source="http://ftp.wagner.pp.ru/pub/catdoc/catdoc-$pkgver.tar.gz" +source="http://ftp.wagner.pp.ru/pub/catdoc/catdoc-$pkgver.tar.gz + CVE-2017-11110.patch" + +# secfixes: +# 0.95-r2: +# - CVE-2017-11110 build() { cd "$builddir" @@ -31,4 +36,5 @@ package() { make -j1 install } -sha512sums="dd6bded4b6b70749c007256b182b063ff266f86d53024d8582001678821e8096c5b980bc8f43015d9c82bbe022d71d4ba5fe68aff31b2ff6db3688595e651b2c catdoc-0.95.tar.gz" +sha512sums="dd6bded4b6b70749c007256b182b063ff266f86d53024d8582001678821e8096c5b980bc8f43015d9c82bbe022d71d4ba5fe68aff31b2ff6db3688595e651b2c catdoc-0.95.tar.gz +15d1da9fe095c6e4a990faa22ee67952d91494057a1fd6334f2eb671898156c95245b54f229549a5662d13dec6ecc4e607583e865fb9775fea8d163755cf04b0 CVE-2017-11110.patch" diff --git a/user/catdoc/CVE-2017-11110.patch b/user/catdoc/CVE-2017-11110.patch new file mode 100644 index 000000000..d36d5d63c --- /dev/null +++ b/user/catdoc/CVE-2017-11110.patch @@ -0,0 +1,32 @@ +Description: CVE-2017-11110: Heap buffer overflow in ole_init +Origin: vendor, https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?rev=d437c3be72c2e5a3516b75f4e9de6b35 +Bug-Debian: https://bugs.debian.org/867717 +Bug-SuSE: https://bugzilla.novell.com/show_bug.cgi?id=1047877 +Forwarded: no +Author: Andreas Stieger <astieger@suse.com> +Reviewed-by: Salvatore Bonaccorso <carnil@debian.org> +Last-Update: 2017-07-20 + +--- a/src/ole.c ++++ b/src/ole.c +@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si + return NULL; + } + sectorSize = 1<<getshort(oleBuf,0x1e); ++ /* CVE-2017-11110 */ ++ if (sectorSize < 4) { ++ fprintf(stderr, "sectorSize < 4 not supported\n"); ++ return NULL; ++ } + shortSectorSize=1<<getshort(oleBuf,0x20); + + /* Read BBD into memory */ +@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si + } + + fseek(newfile, 512+mblock*sectorSize, SEEK_SET); +- if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, ++ if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >=4 for CVE-2017-11110 */ + 1, sectorSize, newfile) != sectorSize) { + fprintf(stderr, "Error read MSAT!\n"); + ole_finish(); |