[ubuntu/natty-security] libreoffice 1:3.3.4-0ubuntu1.2 (Accepted)
Jamie Strandboge
jamie at ubuntu.com
Mon Jul 2 20:46:02 UTC 2012
libreoffice (1:3.3.4-0ubuntu1.2) natty-security; urgency=low
* SECURITY UPDATE: fix integer overflows in graphic loading code
- debian/patches/CVE-2012-1149.patch: adjust vcl/source/gdi/pngread.cxx to
fail earlier on oversized images and properly verify chunks. Also adjust
basebmp/source/bitmapdevice.cxx to to properly verify height and width.
Properly verify width and height in
svtools/source/filter.vcl/jpeg/jpeg.cxx
- CVE-2012-1149
* SECURITY UPDATE: fix integer overflow when processing Escher graphics
records in PowerPoint documents
- debian/patches/CVE-2012-2334.patch: properly verify record lengths in
filter/source/msfilter/msdffimp.cxx and msdffimp.hxx
- CVE-2012-2334
Date: 2012-06-20 16:36:43.209358+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/natty/+source/libreoffice/1:3.3.4-0ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Natty-changes
mailing list