Debian Bug report logs -
#684004
calligra: Buffer overflow
Reported by: Moritz Muehlenhoff <jmm@inutil.org>
Date: Mon, 6 Aug 2012 08:33:01 UTC
Severity: grave
Tags: fixed-upstream, security, upstream
Fixed in version calligra/1:2.4.3-2
Done: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#684004; Package calligra.
(Mon, 06 Aug 2012 08:33:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.
(Mon, 06 Aug 2012 08:33:03 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: calligra
Severity: grave
Tags: security
Justification: user security hole
Please see:
https://projects.kde.org/projects/calligra/repository/diff?rev=7d72f7dd8d28d18c59a08a7d43bd4e0654043103&rev_to=7a9fa21b1f812b74b3e1501480dd14d10aeb347b
Reported here:
http://media.blackhat.com/bh-us-12/Briefings/C_Miller/BH_US_12_Miller_NFC_attack_surface_WP.pdf (page 39ff)
There's no CVE ID yet.
Cheers,
Moritz
Added tag(s) upstream, pending, and fixed-upstream.
Request was from Pino Toscano <pino@debian.org>
to control@bugs.debian.org.
(Mon, 06 Aug 2012 09:27:07 GMT) (full text, mbox, link).
Bug 684004 cloned as bug 684078
Request was from Scott Kitterman <scott@kitterman.com>
to control@bugs.debian.org.
(Mon, 06 Aug 2012 19:09:13 GMT) (full text, mbox, link).
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>:
Bug#684004; Package calligra.
(Mon, 20 Aug 2012 18:03:09 GMT) (full text, mbox, link).
Acknowledgement sent
to Lisandro Damián Nicanor Pérez Meyer <perezmeyer@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>.
(Mon, 20 Aug 2012 18:03:09 GMT) (full text, mbox, link).
Message #14 received at 684004@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
tag 684004 pending
thanks
Hi! This bug is pending an upload. We are currently waiting the RT to decide
if they pre-approve the changes in the package before uploading (see #685331).
Kinds regards, Lisandro.
--
12: Es posible insertar imagenes en los documentos y archivos al
trabajar con Word
* No o Si
Damian Nadales
http://mx.grulic.org.ar/lurker/message/20080307.141449.a70fb2fc.es.html
Lisandro Damián Nicanor Pérez Meyer
http://perezmeyer.com.ar/
http://perezmeyer.blogspot.com/
[signature.asc (application/pgp-signature, inline)]
Reply sent
to Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>:
You have taken responsibility.
(Wed, 05 Sep 2012 00:06:09 GMT) (full text, mbox, link).
Notification sent
to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer.
(Wed, 05 Sep 2012 00:06:09 GMT) (full text, mbox, link).
Message #19 received at 684004-close@bugs.debian.org (full text, mbox, reply):
Source: calligra
Source-Version: 1:2.4.3-2
We believe that the bug you reported is fixed in the latest version of
calligra, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 684004@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org> (supplier of updated calligra package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 19 Aug 2012 15:06:46 -0300
Source: calligra
Binary: calligra karbon kexi kexi-calligrasheets-driver kexi-mysql-driver kexi-postgresql-driver kexi-xbase-driver kexi-sybase-driver kexi-web-form-widget kexi-map-form-widget calligra-reports-web-element calligra-reports-map-element krita krita-data kthesaurus calligrasheets calligraplan calligrawords calligrawords-data calligrastage calligraflow calligraflow-data braindump calligramobile calligra-libs calligra-data okular-backend-odp calligra-dbg
Architecture: source all amd64
Version: 1:2.4.3-2
Distribution: unstable
Urgency: low
Maintainer: Debian Qt/KDE Maintainers <debian-qt-kde@lists.debian.org>
Changed-By: Lisandro Damián Nicanor Pérez Meyer <lisandro@debian.org>
Description:
braindump - ideas organizer application for the Calligra Suite
calligra - extensive productivity and creative suite
calligra-data - common shared data for the Calligra Suite
calligra-dbg - debugging symbols for Calligra
calligra-libs - common libraries and binaries for the Calligra Suite
calligra-reports-map-element - map element for Calligra Reports
calligra-reports-web-element - web element for Calligra Reports
calligraflow - flowcharting program for the Calligra Suite
calligraflow-data - data files for Flow flowcharting program
calligramobile - version of Calligra for mobile
calligraplan - integrated project management and planning tool
calligrasheets - spreadsheet for the Calligra Suite
calligrastage - presentation program for the Calligra Suite
calligrawords - word processor for the Calligra Suite
calligrawords-data - data files for Words word processor
karbon - vector graphics application for the Calligra Suite
kexi - integrated database environment for the Calligra Suite
kexi-calligrasheets-driver - Tables plugin for kexi
kexi-map-form-widget - map form widget for Kexi
kexi-mysql-driver - MySQL support for kexi
kexi-postgresql-driver - PostgreSQL support for kexi
kexi-sybase-driver - Sybase support for kexi
kexi-web-form-widget - web form widget for Kexi
kexi-xbase-driver - XBase support for kexi
krita - pixel-based image manipulation program for the Calligra Suite
krita-data - data files for Krita painting program
kthesaurus - thesaurus for the Calligra Suite
okular-backend-odp - Okular backend for ODP documents
Closes: 679731 682763 684004
Changes:
calligra (1:2.4.3-2) unstable; urgency=low
.
* Team upload.
.
[ Adrien Grellier ]
* Fix karbon: extra space for paragraph separation in the package
description. (Closes: #679731)
* Split the templates from calligra-data to the application's packages.
(Closes: #682763)
.
[ Pino Toscano ]
* Backport upstream commit 7d72f7dd8d28d18c59a08a7d43bd4e0654043103 to fix
a buffer overflow in the msword import filter (CVE-2012-3456); patch
upstream_Make-sure-not-to-write-behind-the-allocated-memory.patch.
(Closes: #684004)
* Force the "kde" build system to dh_auto_configure, so the proper kdeinit
handling is applied.
* Fix description of krita to be within 80 columns.
Checksums-Sha1:
89a363fc12c05b65c1b472fbcfe59e5caf6133a7 4212 calligra_2.4.3-2.dsc
8fc016424ace92c6bb5b163d495b0a0601bff99a 34003 calligra_2.4.3-2.debian.tar.gz
e9c467adab11e90b18df72c4dc5ca7dd7b21445a 10982 calligra_2.4.3-2_all.deb
c831c36b6754af8a169ba4dabdd89a64ae9fb65a 686874 karbon_2.4.3-2_amd64.deb
bf03bba90717eb625a19b63088631bf0f4efbefd 3503628 kexi_2.4.3-2_amd64.deb
7efc6f1997e7485472d160256169de1f80b52578 23022 kexi-calligrasheets-driver_2.4.3-2_amd64.deb
065ae537fd4b2108794ce770f02108c3b9ac991c 56642 kexi-mysql-driver_2.4.3-2_amd64.deb
2c235f5abd41f6524465bae4a5a9562f7f64b1bc 79710 kexi-postgresql-driver_2.4.3-2_amd64.deb
be619471d834e19a97697326e3ad2389d800d222 55470 kexi-xbase-driver_2.4.3-2_amd64.deb
32aac705fd107a71bb1709ed6dcc5be48dd0708d 63292 kexi-sybase-driver_2.4.3-2_amd64.deb
40f1e0299917ce22e0afbe50f630463d5c3e99b9 28048 kexi-web-form-widget_2.4.3-2_amd64.deb
87a2ff6efe4d19376068db850af3632ee839f495 27906 kexi-map-form-widget_2.4.3-2_amd64.deb
3da9f18b5a0f7d76b9be3b420b6a6940bb1f16d3 29364 calligra-reports-web-element_2.4.3-2_amd64.deb
9baa4df6364691ed398a83ecb4b5becd8767bb97 36962 calligra-reports-map-element_2.4.3-2_amd64.deb
0d9d283e10d2a44f6c2c79454b14c520fc7d82f5 6363848 krita_2.4.3-2_amd64.deb
1a41a1dec3e7fd8a97c88a547c9d435eca2f9bd5 19699992 krita-data_2.4.3-2_all.deb
d929ec5b2b74c7a64ce89c1d093ea2459e18adef 27088 kthesaurus_2.4.3-2_amd64.deb
ca1d595ce93c771c0f99c8d5a5cfa66423c4aa42 4440630 calligrasheets_2.4.3-2_amd64.deb
c4af8b7d46e1345e370e041d33f66568f95c6c2e 2214682 calligraplan_2.4.3-2_amd64.deb
9762d5ad623c9339f7595e18f034f8f052014659 2608212 calligrawords_2.4.3-2_amd64.deb
1d2682339c4f44a775d0e886eae2a2f0112f1ce0 489596 calligrawords-data_2.4.3-2_all.deb
45993a85fc1a943f865674f7263e4ac8340f6810 8075416 calligrastage_2.4.3-2_amd64.deb
1506fe0fe7a4619632e13c383cced1eaecca1568 78584 calligraflow_2.4.3-2_amd64.deb
7767801b7f9046cfbc05687a9a1d6a1c3f1d9fc5 6188772 calligraflow-data_2.4.3-2_all.deb
bf371b4b3fc3e625ec9eb55ce27c49b13dba5a15 285008 braindump_2.4.3-2_amd64.deb
bf3199c1b46f4a86e3c51ea965b5127d36553a59 376310 calligramobile_2.4.3-2_amd64.deb
61caecc14da2c49477c9dba177890dcf83ecfd15 6575276 calligra-libs_2.4.3-2_amd64.deb
2e56e4e59d126f2b13298198e9726b42f1360401 1525508 calligra-data_2.4.3-2_all.deb
8922b2983288b6df20f666c605620a2d54bc391f 22632 okular-backend-odp_2.4.3-2_amd64.deb
990dc9ac69a1377bca6bc377e0ceb0e8c2c3dcfc 334645062 calligra-dbg_2.4.3-2_amd64.deb
Checksums-Sha256:
11a1a1f9d610b8fe28d9b467e0a2db45c4037a908dbb1d11fd9a94e54e0e5b1b 4212 calligra_2.4.3-2.dsc
68c6a9be9df899b79180499c59ea52c813c65d079e2f42562962c4557ea39096 34003 calligra_2.4.3-2.debian.tar.gz
7c1e7c199f522c5ee1da61ff22b7730ecca328574280eaff49be60c5dd058d18 10982 calligra_2.4.3-2_all.deb
c251b9d85a063177847b482ff10cce2fb2e47a844f3b7dd91290b28bfe0b3961 686874 karbon_2.4.3-2_amd64.deb
52da18c9408f64cdf7c8a8d0ebc814576714756747bc64db5ca3c97527f8e35b 3503628 kexi_2.4.3-2_amd64.deb
d500b21d696c09c4b49dfd3b96e2ddf9ac1cc2ef3acd7f4e47d43e20442d084f 23022 kexi-calligrasheets-driver_2.4.3-2_amd64.deb
c38ca4145400cb17685050447a5e0c029c5a4db179f75021083d554d817e46cd 56642 kexi-mysql-driver_2.4.3-2_amd64.deb
17a350ece03dd0b1ef6356bbd7c2917098c65db446b7a7cd2a21c0b6ac36c3f0 79710 kexi-postgresql-driver_2.4.3-2_amd64.deb
12ddab336a2fc0462df76b184ed1a65264c8550d3a62e38c82d01ad87a814612 55470 kexi-xbase-driver_2.4.3-2_amd64.deb
97b5a6708a36f80b0feadc0fed7493799245b7cb6136f902a3c5e4d3838085b7 63292 kexi-sybase-driver_2.4.3-2_amd64.deb
7226404de4272ba74a23cb89fb3be3061be94a74f2e1c815b0a302420b8bbd0d 28048 kexi-web-form-widget_2.4.3-2_amd64.deb
25de81e16aa5a3771dad0eacb22929f74e519426f7f49f50f574285917407ce5 27906 kexi-map-form-widget_2.4.3-2_amd64.deb
552b5d6719b79302a357a693414f010b687997e39d197a6595d7439af0311c1c 29364 calligra-reports-web-element_2.4.3-2_amd64.deb
eb2b6a5a8283e525b3350186772b92c15b4d360a8478cb1c6093eb3e5d7281b7 36962 calligra-reports-map-element_2.4.3-2_amd64.deb
0f1ac0dc6c126ac019aa91c3fd3766f34a56b2648d162e2c0779089937c7c9c9 6363848 krita_2.4.3-2_amd64.deb
f56fda62741a077d777fa85aa732123b33513a17f7795974d3276f79def18c26 19699992 krita-data_2.4.3-2_all.deb
86137a960863502d5337bdf02c221d28f38637005e02105b4802a868d7b05630 27088 kthesaurus_2.4.3-2_amd64.deb
f47eb504b91561b0410cec1e8d48aed968059b338100f90de8e04aabb93d896c 4440630 calligrasheets_2.4.3-2_amd64.deb
71816eecc735abed5e0207344fb21fb1989d974f113be70450e3dd77e1dc58fe 2214682 calligraplan_2.4.3-2_amd64.deb
2617f78e033ae1d97c129086d671f37915a031bc2e0d5dfc84170c5907dc72a2 2608212 calligrawords_2.4.3-2_amd64.deb
70728bb59214ce62437fb63c022233bac91618c9ab9a33920dc55bc5faab577b 489596 calligrawords-data_2.4.3-2_all.deb
c55e010d105cabf195cebb91adfc21d76cf9082d90f65c0048f1b5d033d99dca 8075416 calligrastage_2.4.3-2_amd64.deb
28b172698c68d53a7ecb13914a74b7d68dc5937024e6085605b83f247a0fd4a3 78584 calligraflow_2.4.3-2_amd64.deb
fa86f631b501743119d7be2cd36b1aa2527db7a951ce9206df8c935fce7a2eb6 6188772 calligraflow-data_2.4.3-2_all.deb
ea4da23e4a305b16575da622b656d09973f7a2f2913c3d888238221cc9fd52ea 285008 braindump_2.4.3-2_amd64.deb
fbd10752a0c16ad8dec469bc89178300fb368d46d96bf3fee338c1b57785eda2 376310 calligramobile_2.4.3-2_amd64.deb
c0364de6039323f82f59079ddc82109a99c5d90dbb684be7bafcf60a232cdcb6 6575276 calligra-libs_2.4.3-2_amd64.deb
964f4db59910c94543ccc6f287fa8e9b3e51c42b66b55e4b459b00d3a1d58cb3 1525508 calligra-data_2.4.3-2_all.deb
4c1454a3d2dea3598bae6aa04765417ad93da6b7fd3b1771b13540ab0e37dcc3 22632 okular-backend-odp_2.4.3-2_amd64.deb
89e0a6382b7dec5c9910d8841ff735a1b291070d89c75d95af6ff7f73ab442af 334645062 calligra-dbg_2.4.3-2_amd64.deb
Files:
f181d271a2fc8c0ec6cec7d4f517f8d8 4212 kde optional calligra_2.4.3-2.dsc
47c576d6bedc5502ee9037083f90f340 34003 kde optional calligra_2.4.3-2.debian.tar.gz
4470b0b3273419757199b6e4446e51cb 10982 kde optional calligra_2.4.3-2_all.deb
0215d821cdee259c9a08dd54312aafab 686874 graphics optional karbon_2.4.3-2_amd64.deb
bf791f65f7b7a210c6f6d268a2de03ad 3503628 database optional kexi_2.4.3-2_amd64.deb
c0f002bea942b1b2d76377fda62926f3 23022 kde optional kexi-calligrasheets-driver_2.4.3-2_amd64.deb
1befd1ac6b6ace2be9b9e3890e6b0151 56642 database optional kexi-mysql-driver_2.4.3-2_amd64.deb
a82289205dabe8b297b5e96c090f481e 79710 database optional kexi-postgresql-driver_2.4.3-2_amd64.deb
fee639811723d38e8e2edb63d13a4ed5 55470 database optional kexi-xbase-driver_2.4.3-2_amd64.deb
5bcfd0883033c54ca6463e8dd79f82ff 63292 database optional kexi-sybase-driver_2.4.3-2_amd64.deb
d95d89cd4bdb58a0322c13665d71c856 28048 database optional kexi-web-form-widget_2.4.3-2_amd64.deb
da27bdd1cf2bd0af0a9b87fd1d5310af 27906 database optional kexi-map-form-widget_2.4.3-2_amd64.deb
b74ef5533ecfe9dc9784693ea1a9127f 29364 kde optional calligra-reports-web-element_2.4.3-2_amd64.deb
d0ce6070e03a127ae5ef4c5a218c8515 36962 kde optional calligra-reports-map-element_2.4.3-2_amd64.deb
4cadb24c7b6fcc05026b4cf5d72aa698 6363848 graphics optional krita_2.4.3-2_amd64.deb
a866d40c588010206c29f8ced02ecaba 19699992 graphics optional krita-data_2.4.3-2_all.deb
ea81e8aea59fc46350b04fd8daa065f6 27088 text optional kthesaurus_2.4.3-2_amd64.deb
d369d33bb31e41e448852b6e49ad327c 4440630 math optional calligrasheets_2.4.3-2_amd64.deb
60bd49c18d2e5e30451b52f64c375701 2214682 kde optional calligraplan_2.4.3-2_amd64.deb
1582ba98a5e2f9ee811496522ca6295f 2608212 text optional calligrawords_2.4.3-2_amd64.deb
0deac6fe3db531e42fdb7c7d70d27317 489596 text optional calligrawords-data_2.4.3-2_all.deb
35f1a95804c1f8a61683606780cf7b2b 8075416 kde optional calligrastage_2.4.3-2_amd64.deb
d15ab08b4e08b63fee779b79a445629a 78584 graphics optional calligraflow_2.4.3-2_amd64.deb
7cceddcc19f8c4395ea1f08a36371d58 6188772 graphics optional calligraflow-data_2.4.3-2_all.deb
1b812f202197ae77a0a7bee66d4cdf14 285008 kde optional braindump_2.4.3-2_amd64.deb
0cbe116f8d4e74367409ffb9332a59b3 376310 kde optional calligramobile_2.4.3-2_amd64.deb
c1c4d3f8b44273760b51bc2bf5adef33 6575276 libs optional calligra-libs_2.4.3-2_amd64.deb
ecccb06c2e6380dd38fa7f2e67d6c693 1525508 libs optional calligra-data_2.4.3-2_all.deb
23d5d0b28c844abcdcdbedb64c3dcab3 22632 graphics optional okular-backend-odp_2.4.3-2_amd64.deb
0f5da6f36bb4e9e7d46acf7e0e5ab4c6 334645062 debug extra calligra-dbg_2.4.3-2_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAEBCAAGBQJQRpOIAAoJEKtkX0BihqfQonoP/iHzlGnFTdBGE1/iL88G0Jpm
YICJvP2FONcFISbvNLT08Zk76+nL+LCJTavFz8p8qDp7iIOJYZkVEIjtRJYB+vFW
yiD6QSO8muF+8qo0GWTxHquT2eDtS4usTQcYeLtkrL0UuNhhH7ZcGBcOiB4Oli4w
Cz3702sAK7N7bxqAQ/uBZmM360bgVqq+mkhwefAd2sGk54eqphoyTd5/gcTMLUSK
f/94/5m0XToyVvcnq+Cd36vW22QsFh4RUoqyn+x9sK+iDvqhXctfOWInH/qKTNps
gVDhj7I92mGNjCP/RSpffW2yNZEVjvV4WPHHn6svNw2k+D+GjL497eAPNl/H18uA
aemouPQuKcwg5BfC9Nmaj/lk7G8cHKzz6MIZ8VwbHrT4FFFRrBEan+obGaWRL/Gy
oo8Atzr+dYt+kgFMZfB7lsI/YVgkhpSISh4/0JfoYj7x1PxVoFknQ2pQ/EHDbdSg
ch4N5qGH9OmGPMILBbGdRI2Q6CHbAx2u1W6dXLStEBXwuATyYnILWmo4WcCvlcJN
KAjqWaG90SWl0puLE8RGPMmOlFlTJiXfwCRy2d23kPzmgOIzhNtuyb0QJjZ6FpRX
JLnHvwfEbbzqpds3+J9FVD2VqSox61pZCTB2pzwRJaefHJemVuVm1VU2RhPh0h9h
Y7JyWt83QJON9wiYhNAT
=BTXp
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Sat, 13 Oct 2012 07:25:21 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 18:25:40 2019;
Machine Name:
buxtehude
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon