Hi,
On Sun, Sep 17, 2017 at 10:47:06AM +0200, Salvatore Bonaccorso wrote: > Source: libwpd > Version: 0.10.1-5 > Severity: important > Tags: patch security upstream > Forwarded: https://sourceforge.net/p/libwpd/tickets/14/ > > Hi, > > the following vulnerability was published for libwpd. > > CVE-2017-14226[0]: [...] fixed in 0.10.2-1 for sid. Want this fixed as DSAs for jessie/stretch? Prepared packages. Debdiffs attached... Regards, Rene
diff -Nru libwpd-0.10.1/debian/changelog libwpd-0.10.1/debian/changelog --- libwpd-0.10.1/debian/changelog 2016-09-12 22:58:36.000000000 +0200 +++ libwpd-0.10.1/debian/changelog 2017-09-17 13:20:30.000000000 +0200 @@ -1,3 +1,10 @@ +libwpd (0.10.1-5+deb9u1) stretch; urgency=medium + + * debian/patches/libwpd-tdf112269.diff: backport patch to fix + CVE-2017-14226 (closes: #876001) + + -- Rene Engelhard <r...@debian.org> Sun, 17 Sep 2017 13:20:30 +0200 + libwpd (0.10.1-5) unstable; urgency=medium * [7d35591] move Maintainer: to Debian LibreOffice Maintainers diff -Nru libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff --- libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff 1970-01-01 01:00:00.000000000 +0100 +++ libwpd-0.10.1/debian/patches/libwpd-tdf112269.diff 2017-09-17 13:20:30.000000000 +0200 @@ -0,0 +1,43 @@ +--- libwpd/src/lib/WP5StylesListener.cpp ++++ libwpd/src/lib/WP5StylesListener.cpp +@@ -85,8 +85,9 @@ + m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0); + m_currentPage.setPageSpan(1); + +- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin(); +- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter) ++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList(); ++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin(); ++ HFiter != headerFooterList.end(); ++HFiter) + { + if ((*HFiter).getOccurrence() != NEVER) + { +--- libwpd/src/lib/WP42StylesListener.cpp ++++ libwpd/src/lib/WP42StylesListener.cpp +@@ -84,8 +84,9 @@ + m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0); + m_currentPage.setPageSpan(1); + +- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin(); +- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter) ++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList(); ++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin(); ++ HFiter != headerFooterList.end(); ++HFiter) + { + if ((*HFiter).getOccurrence() != NEVER) + { +--- libwpd/src/lib/WP1StylesListener.cpp ++++ libwpd/src/lib/WP1StylesListener.cpp +@@ -83,8 +83,9 @@ + m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0); + m_currentPage.setPageSpan(1); + +- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin(); +- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter) ++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList(); ++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin(); ++ HFiter != headerFooterList.end(); ++HFiter) + { + if ((*HFiter).getOccurrence() != NEVER) + { + diff -Nru libwpd-0.10.1/debian/patches/series libwpd-0.10.1/debian/patches/series --- libwpd-0.10.1/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libwpd-0.10.1/debian/patches/series 2017-09-17 13:20:30.000000000 +0200 @@ -0,0 +1 @@ +libwpd-tdf112269.diff
diff -Nru libwpd-0.10.0/debian/changelog libwpd-0.10.0/debian/changelog --- libwpd-0.10.0/debian/changelog 2014-08-08 00:36:00.000000000 +0200 +++ libwpd-0.10.0/debian/changelog 2017-09-17 13:20:30.000000000 +0200 @@ -1,3 +1,10 @@ +libwpd (0.10.0-2+deb8u1) jessie; urgency=medium + + * debian/patches/libwpd-tdf112269.diff: backport patch to fix + CVE-2017-14226 (closes: #876001) + + -- Rene Engelhard <r...@debian.org> Sun, 17 Sep 2017 13:20:30 +0200 + libwpd (0.10.0-2) unstable; urgency=low * upload to unstable diff -Nru libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff --- libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff 1970-01-01 01:00:00.000000000 +0100 +++ libwpd-0.10.0/debian/patches/libwpd-tdf112269.diff 2017-09-17 13:20:30.000000000 +0200 @@ -0,0 +1,43 @@ +--- libwpd/src/lib/WP5StylesListener.cpp ++++ libwpd/src/lib/WP5StylesListener.cpp +@@ -85,8 +85,9 @@ + m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0); + m_currentPage.setPageSpan(1); + +- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin(); +- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter) ++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList(); ++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin(); ++ HFiter != headerFooterList.end(); ++HFiter) + { + if ((*HFiter).getOccurrence() != NEVER) + { +--- libwpd/src/lib/WP42StylesListener.cpp ++++ libwpd/src/lib/WP42StylesListener.cpp +@@ -84,8 +84,9 @@ + m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0); + m_currentPage.setPageSpan(1); + +- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin(); +- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter) ++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList(); ++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin(); ++ HFiter != headerFooterList.end(); ++HFiter) + { + if ((*HFiter).getOccurrence() != NEVER) + { +--- libwpd/src/lib/WP1StylesListener.cpp ++++ libwpd/src/lib/WP1StylesListener.cpp +@@ -83,8 +83,9 @@ + m_currentPage = WPXPageSpan(m_pageList.back(), 0.0, 0.0); + m_currentPage.setPageSpan(1); + +- for (std::vector<WPXHeaderFooter>::const_iterator HFiter = (m_nextPage.getHeaderFooterList()).begin(); +- HFiter != (m_nextPage.getHeaderFooterList()).end(); ++HFiter) ++ std::vector<WPXHeaderFooter> headerFooterList = m_nextPage.getHeaderFooterList(); ++ for (std::vector<WPXHeaderFooter>::const_iterator HFiter = headerFooterList.begin(); ++ HFiter != headerFooterList.end(); ++HFiter) + { + if ((*HFiter).getOccurrence() != NEVER) + { + diff -Nru libwpd-0.10.0/debian/patches/series libwpd-0.10.0/debian/patches/series --- libwpd-0.10.0/debian/patches/series 1970-01-01 01:00:00.000000000 +0100 +++ libwpd-0.10.0/debian/patches/series 2017-09-17 13:20:30.000000000 +0200 @@ -0,0 +1 @@ +libwpd-tdf112269.diff