On Tue, Dec 02, 2014 at 08:35:40AM +0100, Salvatore Bonaccorso wrote:
> the following vulnerability was published for antiword.
>
> CVE-2014-8123[0]:
> buffer overflow of atPPSlist[].szName[]

We're actually already carrying a patch to address this buffer overflow -
10_fix_buffer_overflow_wordole_c.dpatch, added in 0.37-5 back in June 2009:

http://sources.debian.net/src/antiword/0.37-10/debian/patches/10_fix_buffer_overflow_wordole_c.patch/

Reported in: https://bugs.debian.org/407015

I'm not going to just close this though, as the check in our patch is ">"
but the new patch uses ">=". I'll dig into if the equality condition
results in an overflow, but the scope for exploiting this in Debian is going
to be rather more limited than in upstream 0.37.

Cheers,
    Olly
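
The difference between the ">" and ">=" checks discussed in this message, as an added example that is not part of the original message and is not antiword's code: a generic model of a length-checked copy into a fixed-size name field. The field size, the names `copy_name` and `sample`, and the input are assumptions; the model shows that the equal-length case only overruns when a terminator is written after the copied bytes.

```c
#include <stdio.h>
#include <string.h>

#define NAME_SIZE 8      /* hypothetical field size, not antiword's */
#define GUARD     0xA5   /* marker for the byte just past the field */

enum check { CHECK_GT, CHECK_GE };

/* Result bits returned by copy_name(). */
#define ACCEPTED   1     /* the length check let the copy proceed */
#define OVERFLOWED 2     /* the byte after the field was modified */

/* Constructed input, longer than the field. */
static const unsigned char sample[] = "ABCDEFGHIJKLMNOP";

/*
 * Model of a length-checked copy into a NAME_SIZE-byte field.
 * slot[] holds the field plus one guard byte, so a one-byte
 * overrun is observable without undefined behaviour.
 */
static int copy_name(const unsigned char *src, size_t len,
                     enum check kind, int terminate)
{
    unsigned char slot[NAME_SIZE + 1];
    int reject = (kind == CHECK_GT) ? (len > NAME_SIZE)
                                    : (len >= NAME_SIZE);

    if (reject)
        return 0;
    memset(slot, 0, NAME_SIZE);
    slot[NAME_SIZE] = GUARD;
    memcpy(slot, src, len);      /* len <= NAME_SIZE on this path */
    if (terminate)
        slot[len] = '\0';        /* index NAME_SIZE when len == NAME_SIZE */
    return ACCEPTED | (slot[NAME_SIZE] != GUARD ? OVERFLOWED : 0);
}

int main(void)
{
    size_t len;

    /* Lengths just below, at, and just above the field size. */
    for (len = NAME_SIZE - 1; len <= NAME_SIZE + 1; len++)
        printf("len=%zu  '>' -> %d  '>=' -> %d\n", len,
               copy_name(sample, len, CHECK_GT, 1),
               copy_name(sample, len, CHECK_GE, 1));
    return 0;
}
```

With the terminator disabled (`terminate` set to 0) the ">" check accepts the equal-length input without touching the guard byte, but the field is then left without a NUL terminator.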