Debian has issued an advisory on June 29: https://lists.debian.org/debian-security-announce/2025/msg00117.html
Source RPM: (none) => catdoc-0.95-6.mga10.src.rpm, catdoc-0.95-5.mga9.src.rpmStatus comment: (none) => Patches available from DebianCVE: (none) => CVE-2024-48877, CVE-2024-52035, CVE-2024-54028Whiteboard: (none) => MGA9TOO
https://sources.debian.org/data/main/c/catdoc/1%3A0.95-6~deb12u1/debian/patches/0007-Added-guards-against-a-signed-text-length-when-parsi.patch https://sources.debian.org/data/main/c/catdoc/1%3A0.95-6~deb12u1/debian/patches/0008-Added-a-guard-against-a-product-overflow-when-proces.patch https://sources.debian.org/data/main/c/catdoc/1%3A0.95-6~deb12u1/debian/patches/0009-Added-guards-against-invalid-sector-sizes-when-tryin.patch
Suggested advisory: ======================== The updated package fixes security vulnerabilities: A memory corruption vulnerability exists in the Shared String Table Record Parser implementation in xls2csv utility version 0.95. (CVE-2024-48877) An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. (CVE-2024-52035) An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. (CVE-2024-54028) References: https://lists.debian.org/debian-security-announce/2025/msg00117.html ======================== Updated package in core/updates_testing: ======================== catdoc-0.95-5.1.mga9 from SRPM: catdoc-0.95-5.1.mga9.src.rpm
Status: NEW => ASSIGNEDStatus comment: Patches available from Debian => (none)Whiteboard: MGA9TOO => (none)Source RPM: catdoc-0.95-6.mga10.src.rpm, catdoc-0.95-5.mga9.src.rpm => catdoc-0.95-5.mga9.src.rpmAssignee: bugsquad => qa-bugsVersion: Cauldron => 9
Keywords: (none) => advisory
Created attachment 15033 [details] Test file xls2csv file_example_XLS_10.xls "0","First Name","Last Name","Gender","Country","Age","Date","Id" "1","Dulce","Abril","Female","United States","32","15/10/2017","1562" "2","Mara","Hashimoto","Female","Great Britain","25","16/08/2016","1582" "3","Philip","Gent","Male","France","36","21/05/2015","2587" "4","Kathleen","Hanner","Female","United States","25","15/10/2017","3549" "5","Nereida","Magwood","Female","United States","58","16/08/2016","2468" "6","Gaston","Brumm","Male","United States","24","21/05/2015","2554" "7","Etta","Hurn","Female","Great Britain","56","15/10/2017","3598" "8","Earlean","Melgar","Female","United States","27","16/08/2016","2456" "9","Vincenza","Weiland","Female","United States","40","21/05/2015","6548" Looks good
Sorry, this should be before the previous message installing catdoc-0.95-5.1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64 Preparing... ################################################################################################## 1/1: catdoc ################################################################################################## 1/1: removing catdoc-0.95-5.mga9.x86_64 ################################################################################################## The reports talks of POC files, but I could not find them catdoc file1.doc works catdoc cifras.docx This file looks like ZIP archive or Office 2007 or later file. Not supported by catdoc Looks good
MGA9-64 server Plasma Wayland on Compaq H000SB No installation issues. $ catdoc vraag.doc > vraag.txt [tester9@mach3 volkstuintjes]$ catdoc vraag.doc No feedback and file vraag.txt is empty. But this file is a creation of LO-Writer to send to an MS-only correspondent. With .doc file from MS-Word: $ catdoc 2020\ 2\ extra\ info\ vraag\ Herman\ 1.doc Vragen/bemerkingen Volkstuintjes Volgende bemerkingen zijn gebaseerd op de laatste ledenlijst 2019-10, De leden hebben nu allemaal een identificatie door een Lidkaart-Code, Het cijfer komt overeen met het pandnummer nu. Maar is dat houdbaar ??? Stel dat een lid naar een ander pand wil, dan zou zijn/haar lidnummer etc..... $ catdoc 2020\ 2\ extra\ info\ vraag\ Herman\ 1.doc > vraagextra.txt resulting txt file looks OK. $ catdoc 2021\ 1\ 10\ hopelijk\ laatste\ vragen\ aan\ Herman.docx This file looks like ZIP archive or Office 2007 or later file. Not supported by catdoc $ xls2csv ledenlijstest.xls "Naam","Voornaam","Straat","Nr/bus","Postcode","Gemeente","Telefoon","GSM","Lidkaart","Typenaam","Percentlidgeld","Pandnr","Loknaam" etc....... $ xls2csv ledenlijstest.xls > test.csv Resulting csv opens OK in LO Calc $ xls2csv ledenlijstest.xlsx Looks like ZIP archive or Office 2007 or later. Not supported ledenlijstest.xlsx is not OLE file or Error Looks all OK with me.
Whiteboard: (none) => MGA9-64-OKCC: (none) => herman.viaene
Validating.
CC: (none) => andrewsfarm, sysadmin-bugsKeywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2025-0202.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED