Calligra Words Buffer Overflow in MS Word Filter

Found it on page 40. The bug is in an embedded code copy of wv2. It appears our wv2 package is likely affected as well.

Untested debdiff using upstream patch.

wv2 code in that area is not identical. I think it's got the same issue, but I'm not 100% sure.

This bug was fixed in the package calligra - 1:2.4.92-0ubuntu2

---------------
calligra (1:2.4.92-0ubuntu2) quantal; urgency=high

  * SECURITY UPDATE:
  * References See patch header
  * Add debian/patches/wv2_buffer_overflow_fix.diff to fix buffer overflow in
    embedded copy of wv2 MS Word filter (LP: #1032934)
 -- Scott Kitterman <email address hidden> Sat, 04 Aug 2012 06:03:11 -0400

Improved debdiff for calligra in precise.

This bug was fixed in the package calligra - 1:2.4.0-0ubuntu2.1

---------------
calligra (1:2.4.0-0ubuntu2.1) precise-security; urgency=high

  * SECURITY UPDATE:
  * References See patch header
  * Add debian/patches/wv2_buffer_overflow_fix.diff to fix buffer overflow in
    embedded copy of wv2 MS Word filter (LP: #1032934)
 -- Scott Kitterman <email address hidden> Sat, 04 Aug 2012 05:12:38 -0400

This bug was fixed in the package koffice - 1:2.3.3-0ubuntu6.1

---------------
koffice (1:2.3.3-0ubuntu6.1) oneiric-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via malformed Word
    document (LP: #1032934)
    - debian/patches/wv2_buffer_overflow_fix.diff: don't overflow grupx in
      filters/kword/msword-odf/wv2/src/styles.cpp.
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 06 Aug 2012 12:37:06 -0400

This bug was fixed in the package koffice - 1:2.3.3-0ubuntu4.1

---------------
koffice (1:2.3.3-0ubuntu4.1) natty-security; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via malformed Word
    document (LP: #1032934)
    - debian/patches/wv2_buffer_overflow_fix.diff: don't overflow grupx in
      filters/kword/msword-odf/wv2/src/styles.cpp.
    - CVE number pending
 -- Marc Deslauriers <email address hidden> Mon, 06 Aug 2012 10:55:34 -0400

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest coordinating with upstream and posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

I don't see any tasks ready for the ubuntu-security-sponsors team, unsubscribing that team from the bug report.

This was fixed in 0.4.2.dfsg.1-9.1

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against natty is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against oneiric is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Thank you for reporting this bug to Ubuntu. natty has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against natty is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

Thank you for reporting this bug to Ubuntu. oneiric has reached EOL
(End of Life) for this package and is no longer supported. As
a result, this bug against oneiric is being marked "Won't Fix".
Please see https://wiki.ubuntu.com/Releases for currently
supported Ubuntu releases.

Please feel free to report any other bugs you may find.

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to 'New'. Thanks again!