Bug#329839: marked as done (buffer overflow security fix )

Thu, 29 Sep 2005 12:20:47 -0700 

Your message dated Thu, 29 Sep 2005 11:32:12 -0700
with message-id <[EMAIL PROTECTED]>
and subject line Bug#329839: fixed in abiword 2.2.10-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 23 Sep 2005 18:49:26 +0000
>From [EMAIL PROTECTED] Fri Sep 23 11:49:26 2005
Return-path: <[EMAIL PROTECTED]>
Received: from ptr-64-201-187-87.ptr.terago.ca (mars.net-itech.com) 
[64.201.187.87] 
        by spohr.debian.org with smtp (Exim 3.36 1 (Debian))
        id 1EIsbu-0005K1-00; Fri, 23 Sep 2005 11:49:26 -0700
Received: (qmail 6748 invoked from network); 23 Sep 2005 18:49:22 -0000
Received: from unknown (HELO minimai.internal.nit.ca) (192.168.12.1)
  by mars.net-itech.com with SMTP; 23 Sep 2005 18:49:22 -0000
Received: (qmail 28553 invoked from network); 23 Sep 2005 18:49:22 -0000
Received: from unknown (HELO ?192.168.12.210?) (192.168.12.210)
  by minimai.internal.nit.ca with SMTP; 23 Sep 2005 18:49:22 -0000
Message-ID: <[EMAIL PROTECTED]>
Date: Fri, 23 Sep 2005 14:50:18 -0400
From: Hubert Figuiere <[EMAIL PROTECTED]>
User-Agent: Debian Thunderbird 1.0.6 (X11/20050802)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: buffer overflow security fix 
Content-Type: multipart/mixed;
 boundary="------------040704040909040402090504"
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02

This is a multi-part message in MIME format.
--------------040704040909040402090504
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit

Package: abiword
Version: 2.2.9
Severity: important

Attached is a security patch for AbiWord that fix a buffer overflow
allowing to execute arbitrary code when importing a bogus RTF file.

Patch is already in upstream CVS, but I recommend to apply it for stable.

Thanks.

Hub
-- 
http://www.figuiere.net/hub/blog/

--------------040704040909040402090504
Content-Type: text/x-patch;
 name="abiword-security-fix.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="abiword-security-fix.diff"

Index: src/wp/impexp/xp/ie_imp_RTF.cpp
===================================================================
RCS file: /cvsroot/abi/src/wp/impexp/xp/ie_imp_RTF.cpp,v
retrieving revision 1.347.2.18
retrieving revision 1.347.2.19
diff -u -p -u -r1.347.2.18 -r1.347.2.19
--- src/wp/impexp/xp/ie_imp_RTF.cpp     27 Jul 2005 15:20:30 -0000      
1.347.2.18
+++ src/wp/impexp/xp/ie_imp_RTF.cpp     23 Sep 2005 16:37:41 -0000      
1.347.2.19
@@ -7937,9 +7937,10 @@ bool IE_Imp_RTF::ReadOneFontFromTable(bo
            FIXME: CJK font names come in form \'aa\'cd\'ef - so we have to
            parse \'HH correctly (currently we ignore them!) - VH
        */
-       while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{')
+       while ( ch != '}'  &&  ch != '\\'  &&  ch != ';' && ch!= '{' && count < 
MAX_KEYWORD_LEN)
        {
-               keyword[count++] = ch;
+               keyword[count] = ch;
+               count++;
                if (!ReadCharFromFile(&ch))
                {
                        return false;

--------------040704040909040402090504--

---------------------------------------
Received: (at 329839-close) by bugs.debian.org; 29 Sep 2005 18:40:22 +0000
>From [EMAIL PROTECTED] Thu Sep 29 11:40:22 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
        id 1EL3CW-0005We-00; Thu, 29 Sep 2005 11:32:12 -0700
From: Joshua Kwan <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#329839: fixed in abiword 2.2.10-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Thu, 29 Sep 2005 11:32:12 -0700
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
        (1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
        autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2

Source: abiword
Source-Version: 2.2.10-1

We believe that the bug you reported is fixed in the latest version of
abiword, which is due to be installed in the Debian FTP archive:

abiword-common_2.2.10-1_all.deb
  to pool/main/a/abiword/abiword-common_2.2.10-1_all.deb
abiword-gnome_2.2.10-1_i386.deb
  to pool/main/a/abiword/abiword-gnome_2.2.10-1_i386.deb
abiword-help_2.2.10-1_all.deb
  to pool/main/a/abiword/abiword-help_2.2.10-1_all.deb
abiword-plugins-gnome_2.2.10-1_i386.deb
  to pool/main/a/abiword/abiword-plugins-gnome_2.2.10-1_i386.deb
abiword-plugins_2.2.10-1_i386.deb
  to pool/main/a/abiword/abiword-plugins_2.2.10-1_i386.deb
abiword_2.2.10-1.diff.gz
  to pool/main/a/abiword/abiword_2.2.10-1.diff.gz
abiword_2.2.10-1.dsc
  to pool/main/a/abiword/abiword_2.2.10-1.dsc
abiword_2.2.10-1_i386.deb
  to pool/main/a/abiword/abiword_2.2.10-1_i386.deb
abiword_2.2.10.orig.tar.gz
  to pool/main/a/abiword/abiword_2.2.10.orig.tar.gz
xfonts-abi_2.2.10-1_all.deb
  to pool/main/a/abiword/xfonts-abi_2.2.10-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Joshua Kwan <[EMAIL PROTECTED]> (supplier of updated abiword package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 29 Sep 2005 11:07:10 -0700
Source: abiword
Binary: abiword-plugins-gnome abiword-gnome xfonts-abi abiword-help abiword 
abiword-plugins abiword-common
Architecture: source all i386
Version: 2.2.10-1
Distribution: unstable
Urgency: high
Maintainer: Masayuki Hatta (mhatta) <[EMAIL PROTECTED]>
Changed-By: Joshua Kwan <[EMAIL PROTECTED]>
Description: 
 abiword    - WYSIWYG word processor based on GTK2
 abiword-common - WYSIWYG word processor based on GTK2
 abiword-gnome - WYSIWYG word processor based on GTK2/GNOME2
 abiword-help - online help for AbiWord
 abiword-plugins - plugins for AbiWord
 abiword-plugins-gnome - plugins for AbiWord (with GNOME dependency)
 xfonts-abi - transitional package
Closes: 326391 329839
Changes: 
 abiword (2.2.10-1) unstable; urgency=high
 .
   * New upstream release.
   * Includes security fix for RTF buffer overflow exploit. closes: #329839
     (CAN-2005-2964)
   * Change build-dependency on libreadline4-dev to libreadline5-dev |
     libreadline-dev. closes: #326391
Files: 
 8603d8073878861245e95dcd4526c2e0 1849 gnome optional abiword_2.2.10-1.dsc
 6085d11314b447c0101d2bb26d27aa4c 28489143 gnome optional 
abiword_2.2.10.orig.tar.gz
 8aa5d1b390fb4704301a899a970da304 86747 gnome optional abiword_2.2.10-1.diff.gz
 08d90a6714a8ffaea04ea43b811cedef 1674660 editors optional 
abiword-common_2.2.10-1_all.deb
 8a1aa60e5ef051ef342b7a231e499911 563420 doc optional 
abiword-help_2.2.10-1_all.deb
 e531f0b439788af418f11c8a3962fb08 21214 x11 optional xfonts-abi_2.2.10-1_all.deb
 0adee2cfc7839dbe72daab24d6ad909a 2364594 editors optional 
abiword_2.2.10-1_i386.deb
 79a7765140777a866b515731f1ee920b 2354762 gnome optional 
abiword-gnome_2.2.10-1_i386.deb
 f54ad30ba777feaa9e4f7789a3f36552 347678 editors optional 
abiword-plugins_2.2.10-1_i386.deb
 8c1c3792653f88683236aca4ecae5eda 28094 gnome optional 
abiword-plugins-gnome_2.2.10-1_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: http://triplehelix.org/~joshk/pubkey_gpg.asc

iQIVAwUBQzwyjaOILr94RG8mAQJJChAAxt8TXxNOKcDtVaSd7nuS+EYlf99H7IDH
+WzoGGLQ1JbwEB1SXco/TT59TsMTnSb/XLEif/98bOcKUCrFpa+PqtMnjM4wkui4
gxodDTb+8ywqQ243PYnJCrZrfsQcTNzw9FsZbkGlx1hB0Z+WpHy6S1TPWlD+9gPB
C4wZLfEN6sgDsF5o9MDGlCkJrwVzrCltwTt+9y3oL0jaeHsQLi3Et++hu+XOt2re
APAOz/bUKBaPXXiduV4CT9EDa/nJHP4xoDCziWWBnyIixrPQbxdMJhHT0gfZ3yNG
KAqOEfdLh/IpWrPgw/zJTCkaM1793EAn52VUjOhiJ5btmf+iYDxhuz11NL508vH2
Noy3t2l/xeGr96Av1HXHddMjnN39tUr0r9lPfAj8l68q/GLWVA62qgPSeijvGRie
pZm7bHrlZEKdQGsS+6Ws39XKBPZszxtoNX5Gkfgj/Uru5wSudBcV/5ag9tz+3RvA
k7LO3msJbTBFCh7ynRwM45bZm88n+WkUvDjqhcYxk6Q2kWFLfMpOtYHHp3zfWhUh
jjeutTceic7emZYTa6YrKSHhtw7dFeMl/tHdBU2obuOVRunilLacbnK80LcFOAy4
WZ5eLjDsg9QVOmlECXLZznH1hAOzZxFnyhyCx00XXFNYr4P846QiQ5Pe2ySnkhHC
hrVZCyFREDc=
=UrKP
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to