openSUSE has issued an advisory today (June 9): https://lists.opensuse.org/opensuse-updates/2017-06/msg00027.html Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Updated packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated catdoc package fixes security vulnerabilities: Various issues found during fuzzing which may lead to an application crash or have unspecified further impact when the user is tricked into opening specially crafted files (boo#919228). A lot of segfaults on incorrect or corrupted data. References: https://lists.opensuse.org/opensuse-updates/2017-06/msg00027.html ======================== Updated packages in core/updates_testing: ======================== catdoc-0.95-1.mga5 from catdoc-0.95-1.mga5.src.rpm
Version: Cauldron => 5Whiteboard: MGA5TOO => (none)Assignee: bugsquad => qa-bugs
CC: (none) => davidwhodginsWhiteboard: (none) => advisory
Testing M5_64 Installed from issued repos: catdoc-0.94.2-13.mga5 It includes 3 programs: * catdoc - reads MS-Word file and puts its content as plain text on standard output * xls2csv - reads MS-Excel file and puts its content as comma-separated data [CSV] on standard output * catppt - reads MS-PowerPoint file and puts its content on standard output BEFORE update: 1. catdoc /mnt/common/docs/cludiant/rheilffordd/SRAdoc.doc produced sensible output. 2. xls2csv 'Downloads/SampleXLSFile_38kb.xls' produced a good CSV file, but with floating point numbers much more precise than displayed in the spreadsheet (the test .xls file opened fine in LibreOffice Calc). 3. $ catppt Downloads/SamplePPTFile_500kb.ppt Capsules 1_Capsules Not convincing: the text shown is not in the presentation. The test .ppt file of 3 slides displayed correctly with LibreOffice Impress, and included some text on each slide which was *not* output here. Suspect the program does not work. ---------------------------------- AFTER update to: catdoc-0.95-1.mga5 1. catdoc /mnt/common/docs/cludiant/rheilffordd/SRAdoc.doc produced identical output to previously. 2. xls2csv 'Downloads/SampleXLSFile_38kb.xls' The output was essentially the same as before, but slightly different re floating point numbers. Previously they were output with very many decimal places; post-update they are rounded to 2 decimal places - as, indeed, they are displayed in the spreadsheet. All fields are otherwise the same. 3. $ catppt Downloads/SamplePPTFile_500kb.ppt $ Even less than before! Given that pre-update the result was meaningless, this does not matter. Update deemed OK.
Whiteboard: advisory => advisory MGA5-64-OKCC: (none) => lewyssmith
MGA5-32 on Asus A6000VM Xfce No installation issues (was not installed before). Followed procedure above and results are acceptable with some hickups. 1. .doc file made by LibreOffice gives no output whatsoever. 2. catdoc /mnt/Documents/okra/Brief.docx This file looks like ZIP archive or Office 2007 or later file. Not supported by catdoc. OK Real doc file by MS Office gives correct output. xls2csv with real xls by MS Office seems to show all contents, I can see the different sheets (13) in the output, but all being in one output ... I wonder how usable it is. I could not get any output at all fro any ppt file I have (MS Office made).
CC: (none) => herman.viaeneWhiteboard: advisory MGA5-64-OK => MGA5-64-OK MGA5-32-OK advisory
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0177.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED