Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

Hi Willi, On Sun, Dec 14, 2014 at 10:10:58AM +0100, Willi Mann wrote: Hi Dave, does 0.21.7 solve both security issues reported? If yes, could point send me the individual patches that fix these issues? The Debian branch for the next stable distribution is already frozen, so I cannot fix

Processed: Re: Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

Processing control commands: tags -1 + patch Bug #772811 [unrtf] unrtf: CVE-2014-9274 CVE-2014-9275 Added tag(s) patch. -- 772811: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772811 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems -- To UNSUBSCRIBE, email to

Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

Control: tags -1 + patch Hi Willi Attached are two patches separated per CVEs. Regards, Salvatore Description: CVE-2014-9274: out-of-bounds memory access UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated by a file containing

Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

On Sun, Dec 21, 2014 at 03:08:00PM +0100, Salvatore Bonaccorso wrote: Hi Willi, On Sun, Dec 14, 2014 at 10:10:58AM +0100, Willi Mann wrote: Hi Dave, does 0.21.7 solve both security issues reported? If yes, could point send me the individual patches that fix these issues? The Debian

Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

Hi Salvatore, we were working in parallel unfortunately, as I prepared the same patches in the morning. However, I also added 2 patches by Fabian Keil. I'll upload tomorrow in the evening, you can have a look at http://anonscm.debian.org/cgit/collab-maint/unrtf.git/ comments welcome. thanks

Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

Hi Willi, On Sun, Dec 21, 2014 at 10:02:08PM +0100, Willi Mann wrote: Hi Salvatore, we were working in parallel unfortunately, as I prepared the same patches in the morning. However, I also added 2 patches by Fabian Keil. I'll upload tomorrow in the evening, you can have a look at Don't

Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

Hi Dave, does 0.21.7 solve both security issues reported? If yes, could point send me the individual patches that fix these issues? The Debian branch for the next stable distribution is already frozen, so I cannot fix these bugs with new upstream versions. thanks Willi Am 2014-12-11 um 12:16

Bug#772811: unrtf: CVE-2014-9274 CVE-2014-9275

Package: unrtf Severity: grave Tags: security Please see http://www.openwall.com/lists/oss-security/2014/12/03/4 for more information and references to patches. Cheers, Moritz -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of unsubscribe. Trouble?