Ah, yes, I forgot to mention this when I mailed the security team
earlier.
> Note that according to the Ubuntu advisory, this bug might also be
> present in the koffice-libs package.
The issue for debian lies specifically within the kword binary package.
Unless I'm mistaken, debian's koffice-lib
> An exploitable heap overflow has been found in kword's RTF import function.
The patch for sarge was already sent to the security team earlier
today, and the sid packages are being uploaded tonight.
Ben.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble?
Note that according to the Ubuntu advisory, this bug might also be
present in the koffice-libs package.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Package: kword
Version: 1:1.3.5-4.3
Severity: grave
Tags: security
Justification: user security hole
An exploitable heap overflow has been found in kword's RTF import function.
Please see http://www.kde.org/info/security/advisory-20051011-1.txt for
more information and a patch against 1.3.5. This
4 matches
Mail list logo