The following commit has been merged in the master branch: commit 083a70509170d8e423ce838d03a017f0b5465853 Author: Rene Engelhard <r...@debian.org> Date: Mon Jul 2 17:52:28 2012 +0200
debian/patches/CVE-2012-2334-clip-max-entries.diff: add additional fix for CVE-2012-2334 from Florian Weimer which we missed to apply so far...
diff --git a/changelog b/changelog
index d227920..e003d28 100644
--- a/changelog
+++ b/changelog
@@ -1,8 +1,11 @@
-libreoffice (1:3.5.4-6) UNRELEASED; urgency=low
+libreoffice (1:3.5.4-6) UNRELEASED; urgency=high
+
+ * debian/patches/CVE-2012-2334-clip-max-entries.diff: add additional
+ fix for CVE-2012-2334 from Florian Weimer which we missed to apply
+ so far..
 * debian/templates/soffice-template.desktop.in: fix Icon= (remove obsolete 3), thanks Miros◈aw Zalewski (closes: #678313) - * debian/control.in: make -filter-mobiledev Break libreoffice-core (<< 1:3.5~) (closes: #633929)
diff --git a/patches/CVE-2012-2334-clip-max-entries.diff b/patches/CVE-2012-2334-clip-max-entries.diff
new file mode 100644
index 0000000..c27939d
--- /dev/null
+++ b/patches/CVE-2012-2334-clip-max-entries.diff
@@ -0,0 +1,23 @@
+From 63dbfa8386159c2f22b7e3ef786f3c93fd4217aa Mon Sep 17 00:00:00 2001
+From: Caolán McNamara <caol...@redhat.com>
+Date: Mon, 28 May 2012 15:13:09 +0000
+Subject: clip max entries
+
+Signed-off-by: Petr Mladek <pmla...@suse.cz>
+---
+diff --git a/filter/source/msfilter/msdffimp.cxx b/filter/source/msfilter/msdffimp.cxx
+index 3107635..56234e2 100644
+--- a/filter/source/msfilter/msdffimp.cxx
++++ b/filter/source/msfilter/msdffimp.cxx
+@@ -6049,6 +6049,9 @@ void SvxMSDffManager::GetFidclData( sal_uInt32 nOffsDggL )
+ "escher", "FIDCL list longer than remaining bytes, ppt or parser is wrong");
+ mnIdClusters = std::min(nMaxEntriesPossible, static_cast<sal_Size>(mnIdClusters));
+ 
++ sal_Size nMaxEntriesAllocatable = SAL_MAX_INT32 / sizeof(FIDCL);
++ mnIdClusters = std::min(nMaxEntriesAllocatable, static_cast<sal_Size>(mnIdClusters));
++
+ mpFidcls = new FIDCL[ mnIdClusters ];
+ memset(mpFidcls, 0, mnIdClusters * sizeof(FIDCL));
+ for (sal_uInt32 i = 0; i < mnIdClusters; ++i)
+--
+cgit v0.9.0.2-2-gbebe
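Review bot: The second clamp in the embedded msdffimp.cxx hunk (`nMaxEntriesAllocatable = SAL_MAX_INT32 / sizeof(FIDCL)`) silently truncates the file-supplied `mnIdClusters`, with no diagnostic and no comment saying what it protects, whereas the clamp just above it is paired with the "FIDCL list longer than remaining bytes" warning. From the visible lines its purpose appears to be keeping `mnIdClusters * sizeof(FIDCL)`, the byte count used by `new FIDCL[ mnIdClusters ]` and the `memset`, within a signed 32-bit range so it cannot wrap; a comment such as `// cap the count so mnIdClusters * sizeof(FIDCL) stays within SAL_MAX_INT32 bytes for new[] and memset` would record that. Even with both clamps a malformed document can still drive a large allocation (bounded by the stream's remaining bytes and this cap), so it is worth confirming that a failed `new FIDCL[...]` is handled by the import path rather than ending the process. GetFidclData's body starts and ends outside the hunk, so neither the declared type of `mnIdClusters` nor the error handling can be checked from here.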
diff --git a/patches/series b/patches/series
index bf04e42..515bd56 100644
--- a/patches/series
+++ b/patches/series
@@ -41,3 +41,4 @@ fix-signed-char-mess.diff
 make-shortcuts-in-menus-localized-again.diff
 fix-legacy-report-opening.diff
 evolution-3.4.diff
+CVE-2012-2334-clip-max-entries.diff
-- LibreOffice packaging repository -- To UNSUBSCRIBE, email to debian-openoffice-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/e1srmwz-0006pw...@vasks.debian.org