| Summary: | catdoc new security issues fixed upstream in 0.95 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | | |
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, lewyssmith, sysadmin-bugs |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA5-64-OK MGA5-32-OK advisory | | |
| Source RPM: | catdoc-0.94.2-14.mga6.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2017-06-10 02:50:17 CEST
David Walser
2017-06-10 02:50:24 CEST
Whiteboard: (none) => MGA5TOO

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated catdoc package fixes security vulnerabilities:

Various issues found during fuzzing which may lead to an application crash or have unspecified further impact when the user is tricked into opening specially crafted files (boo#919228).

A lot of segfaults on incorrect or corrupted data.

References:
https://lists.opensuse.org/opensuse-updates/2017-06/msg00027.html
========================

Updated packages in core/updates_testing:
========================
catdoc-0.95-1.mga5

from catdoc-0.95-1.mga5.src.rpm

Version: Cauldron => 5
Dave Hodgins
2017-06-13 05:26:34 CEST
CC: (none) => davidwhodgins

Testing M5_64

Installed from issued repos: catdoc-0.94.2-13.mga5

It includes 3 programs:
* catdoc - reads MS-Word file and puts its content as plain text on standard output
* xls2csv - reads MS-Excel file and puts its content as comma-separated data [CSV] on standard output
* catppt - reads MS-PowerPoint file and puts its content on standard output

BEFORE update:

1. catdoc /mnt/common/docs/cludiant/rheilffordd/SRAdoc.doc
produced sensible output.

2. xls2csv 'Downloads/SampleXLSFile_38kb.xls'
produced a good CSV file, but with floating point numbers much more precise than displayed in the spreadsheet (the test .xls file opened fine in LibreOffice Calc).

3. $ catppt Downloads/SamplePPTFile_500kb.ppt
Capsules 1_Capsules
Not convincing: the text shown is not in the presentation. The test .ppt file of 3 slides displayed correctly with LibreOffice Impress, and included some text on each slide which was *not* output here. Suspect the program does not work.

----------------------------------

AFTER update to: catdoc-0.95-1.mga5

1. catdoc /mnt/common/docs/cludiant/rheilffordd/SRAdoc.doc
produced identical output to previously.

2. xls2csv 'Downloads/SampleXLSFile_38kb.xls'
The output was essentially the same as before, but slightly different re floating point numbers. Previously they were output with very many decimal places; post-update they are rounded to 2 decimal places - as, indeed, they are displayed in the spreadsheet. All fields are otherwise the same.

3. $ catppt Downloads/SamplePPTFile_500kb.ppt
$
Even less than before! Given that pre-update the result was meaningless, this does not matter.

Update deemed OK.

Whiteboard: advisory => advisory MGA5-64-OK

MGA5-32 on Asus A6000VM Xfce

No installation issues (was not installed before).

Followed procedure above and results are acceptable with some hiccups.

1. .doc file made by LibreOffice gives no output whatsoever.

2. catdoc /mnt/Documents/okra/Brief.docx
This file looks like ZIP archive or Office 2007 or later file. Not supported by catdoc.
OK

Real doc file by MS Office gives correct output.

xls2csv with real xls by MS Office seems to show all contents, I can see the different sheets (13) in the output, but all being in one output ... I wonder how usable it is.

I could not get any output at all from any ppt file I have (MS Office made).

CC: (none) => herman.viaene
Lewis Smith
2017-06-14 17:21:57 CEST
Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0177.html

Resolution: (none) => FIXED