|
|
Log in / Subscribe / Register

Debian alert DLA-4234-1 (catdoc)



From:
              Adrian Bunk <bunk@debian.org>


To:
              debian-lts-announce@lists.debian.org


Subject:
              [SECURITY] [DLA 4234-1] catdoc security update


Date:
              Mon, 30 Jun 2025 14:05:37 +0300


Message-ID:
              <aGJvgf0H8l0QaYiX@localhost>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4234-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
June 30, 2025                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : catdoc
Version        : 1:0.95-4.1+deb11u1
CVE ID         : CVE-2024-48877 CVE-2024-52035 CVE-2024-54028
Debian Bug     : 1107168

Multiple vulnerabilities have been fixed in catdoc, a text extractor for 
MS-Office files.

CVE-2024-48877

    memory corruption

CVE-2024-52035

    integer overflow

CVE-2024-54028

    integer underflow

For Debian 11 bullseye, these problems have been fixed in version
1:0.95-4.1+deb11u1.

We recommend that you upgrade your catdoc packages.

For the detailed security status of catdoc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/catdoc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmhib4EACgkQiNJCh6LY
mLGyTBAAwLp+iF+efnyC8rSgQscjlUwRCiSWC3sAxotQPgKvvyRz2umCHyKECnvL
4ZSEJAd/YPMzdaW/0FcwDS+0KlrC4j9JAmd8aeBtXbdVl7Y3EJ0QaIDggLKbUINi
ZE1FQq5uhIrFyRDkrGmMYmCgEx7v/CltYtCNipLdx0OV/ztPEeTcFwaocjAuzt5m
CjuhOZpVW+Ml3YbuejYeuN77SdMKWOaBWSCEq5qc+QkWksIgiP468SK6WUCyj2Cm
M5x86waYuFKegzNBtodD8jay6iLYvYhQfuDgB5B4Inf1Dy91lC8En5oNw5meMMWf
9tD1oitafMOgFvhO4CNJ57MylUISHVEBH7iCiZaJNySykzMN3sXB6RbCD+ZCXHJl
kLfl+/B2QVVHwE/0NmDcfya6KjTe5VcsliVdhDPISwXtfAeIh7GG95lwK1DQKz/n
vu+vOm2F0R4T1PzQ2RhIUcG4OTFjZvb087jmRwqKkNr7Thot0qyDSKmMuxQrQV+9
59BkSaiZumYG9RYZWSqxwge0t60vKMWJY3OSOrxz7ElEP8u5zfNoz9uu4J1l7pdC
dWbnC0qxawrYgDPaYfN2UOZlnWywoL9KxW3Wrfc0vYqYCkzA0r4RmIq6aOmcEToR
eQSTS89H4JJeBDkk27nVJebvxLJ4VClYwfBbQ+6mmxTUwXzdGaQ=
=tPAD
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds