From debbugs-submit-bounces@debbugs.gnu.org Fri Aug 11 17:52:34 2017
Received: (at submit) by debbugs.gnu.org; 11 Aug 2017 21:52:34 +0000
Received: from localhost ([127.0.0.1]:56074 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1dgHr2-00032x-Hr
	for submit@debbugs.gnu.org; Fri, 11 Aug 2017 17:52:34 -0400
Received: from eggs.gnu.org ([208.118.235.92]:42341)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <alexvong1995@gmail.com>) id 1dgHqw-00032h-Tc
 for submit@debbugs.gnu.org; Fri, 11 Aug 2017 17:52:26 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <alexvong1995@gmail.com>) id 1dgHqo-00027a-Us
 for submit@debbugs.gnu.org; Fri, 11 Aug 2017 17:52:17 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.2 required=5.0 tests=BAYES_05,
 FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,T_DKIM_INVALID autolearn=disabled
 version=3.3.2
Received: from lists.gnu.org ([2001:4830:134:3::11]:54231)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <alexvong1995@gmail.com>)
 id 1dgHqo-00027T-RE
 for submit@debbugs.gnu.org; Fri, 11 Aug 2017 17:52:14 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:33257)
 by lists.gnu.org with esmtp (Exim 4.71)
 (envelope-from <alexvong1995@gmail.com>) id 1dgHqn-0005si-0Q
 for guix-patches@gnu.org; Fri, 11 Aug 2017 17:52:14 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <alexvong1995@gmail.com>) id 1dgHql-00026D-Ia
 for guix-patches@gnu.org; Fri, 11 Aug 2017 17:52:13 -0400
Received: from mail-pf0-x236.google.com ([2607:f8b0:400e:c00::236]:35989)
 by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
 (Exim 4.71) (envelope-from <alexvong1995@gmail.com>)
 id 1dgHqf-0001yd-9L; Fri, 11 Aug 2017 17:52:05 -0400
Received: by mail-pf0-x236.google.com with SMTP id c28so20478155pfe.3;
 Fri, 11 Aug 2017 14:52:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:subject:date:message-id:user-agent:mime-version;
 bh=bjHOPVM11oO7uA0+91CLyt9E7hx5PRy9a7eHagqZ8nI=;
 b=Wvod0fMXZiAy3kU7YTc8h3uA9fbbFeLt2qHgMDIsrsqG4OMlKpCZEa4zTw3kqgalpT
 5fikRlTRjEvRJAZKzne5RS7jSLUoZWkxK9MXbURIR+OJj2u047qZfFKGUO5lY5Uvo9Hu
 kfSMX6Fa0KOv5ZBd7gj7mEwP2U7SI2cBMxWj0Kth8NtU6+hI45uxEuEgHnygspLoW9Sf
 YqJd23lFCRAvinvQEEwbUg2Pk76BE6t4UdFEQg+dg6oFNdknzq+WB3hdsLRzmJ0qgD1B
 IUhyrlx5pPbGUEhbvF7yMGb8t61nu5IXRyEWkOjZp4OBBhlc0aqx8Xze/6V6BCngwOBP
 8SNQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:subject:date:message-id:user-agent
 :mime-version;
 bh=bjHOPVM11oO7uA0+91CLyt9E7hx5PRy9a7eHagqZ8nI=;
 b=NsyE/YQwwroMlPVVtLhVtYlVk6CmObv8yjLLeNEY4aMU1nbLPsyf2uBKOV9eL+2u9C
 4NlULuvw/jf4Vwfjq7wAaiuv0Q58PosLN0Ldf/G543ox5x7OZEaqF/lEXZM2A3A2aU3P
 JzfVx7X8NEk9lx03u1t8VtukhGSDWaTTGVvpm3SjmKdTjo9Wk6l0MUXR/z1MUsPjEsGv
 q0XZV8sxY4zWopcVc1P/TyULEqXKYVc2RoC2wbA4yPAHVr50WT4/vbJTs1ZhzEbPG492
 tmfDmKg4wG+LpO1wusCq4b/75Pc+g4nOhT001GxLfC8+Z7ANIImLwWXildlxj3ORlXnE
 F7gg==
X-Gm-Message-State: AHYfb5jYXarLgt4lnzBpdyYiWBR2LlVIPvp4YRLGtvfm5mQcFPR6VnOB
 bWANe9/OS3KHQw==
X-Received: by 10.99.39.135 with SMTP id n129mr4051167pgn.36.1502488322560;
 Fri, 11 Aug 2017 14:52:02 -0700 (PDT)
Received: from debian (pcd372024.netvigator.com. [203.218.162.24])
 by smtp.gmail.com with ESMTPSA id c7sm3479876pfa.174.2017.08.11.14.51.59
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Fri, 11 Aug 2017 14:52:00 -0700 (PDT)
From: Alex Vong <alexvong1995@gmail.com>
To: guix-patches@gnu.org, guix-devel@gnu.org
Subject: [PATCH] gnu: catdoc: Fix CVE-2017-11110.
Date: Sat, 12 Aug 2017 05:51:45 +0800
Message-ID: <87zib5pyby.fsf@gmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="==-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x
X-Received-From: 2001:4830:134:3::11
X-Spam-Score: -3.8 (---)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: 1.2 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Severity: important Tags: patch security Hello, This patch
    fixes the latest CVE of catdoc. The upstream repo[0] is not updated for more
    than a year, so I grab the patch from openSUSE instead (which is also used
    by Debian). [...] 
 
 Content analysis details:   (1.2 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
                             digit (alexvong1995[at]gmail.com)
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                             (alexvong1995[at]gmail.com)
  0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid

--==-=-=
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain

Severity: important
Tags: patch security

Hello,

This patch fixes the latest CVE of catdoc. The upstream repo[0] is not
updated for more than a year, so I grab the patch from openSUSE instead
(which is also used by Debian).


--=-=-=
Content-Type: text/x-diff; charset=utf-8
Content-Disposition: inline;
 filename=0001-gnu-catdoc-Fix-CVE-2017-11110.patch
Content-Transfer-Encoding: quoted-printable

From=2069b2b0ca3b43409e86bd5d01fe72823ef84ee391 Mon Sep 17 00:00:00 2001
From: Alex Vong <alexvong1995@gmail.com>
Date: Thu, 10 Aug 2017 21:02:14 +0800
Subject: [PATCH] gnu: catdoc: Fix CVE-2017-11110.

* gnu/packages/patches/catdoc-CVE-2017-11110.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/textutils.scm (catdoc)[source]: Use it.
=2D--
 gnu/local.mk                                     |  1 +
 gnu/packages/patches/catdoc-CVE-2017-11110.patch | 45 ++++++++++++++++++++=
++++
 gnu/packages/textutils.scm                       |  2 ++
 3 files changed, 48 insertions(+)
 create mode 100644 gnu/packages/patches/catdoc-CVE-2017-11110.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 3d79d5d22..57c346921 100644
=2D-- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -534,6 +534,7 @@ dist_patch_DATA =3D						\
   %D%/packages/patches/calibre-drop-unrar.patch			\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
   %D%/packages/patches/calibre-use-packaged-feedparser.patch	\
+  %D%/packages/patches/catdoc-CVE-2017-11110.patch		\
   %D%/packages/patches/cdparanoia-fpic.patch			\
   %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch 	\
   %D%/packages/patches/ceph-disable-cpu-optimizations.patch	\
diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/package=
s/patches/catdoc-CVE-2017-11110.patch
new file mode 100644
index 000000000..71c44f60f
=2D-- /dev/null
+++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11110:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2017-11110
+https://bugzilla.redhat.com/show_bug.cgi?id=3D1468471
+https://security-tracker.debian.org/tracker/CVE-2017-11110
+
+Patch copied from openSUSE:
+
+https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/cat=
doc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=3D1
+
+From: Andreas Stieger <astieger@suse.com>
+Date: Mon, 10 Jul 2017 15:37:58 +0000
+References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=3D1047=
877
+
+All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <=
4.
+
+---
+ src/ole.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: catdoc-0.95/src/ole.c
+=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
+--- catdoc-0.95.orig/src/ole.c	2016-05-25 06:37:12.000000000 +0200
++++ catdoc-0.95/src/ole.c	2017-07-10 17:42:33.578308107 +0200
+@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		return NULL;
+ 	}
+  	sectorSize =3D 1<<getshort(oleBuf,0x1e);
++	/* CVE-2017-11110) */
++ 	if (sectorSize < 4) {
++		fprintf(stderr,"sectorSize < 4 not supported\n");
++		return NULL;
++	}
+ 	shortSectorSize=3D1<<getshort(oleBuf,0x20);
+=20
+ /* Read BBD into memory */
+@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		}
+=20
+ 		fseek(newfile, 512+mblock*sectorSize, SEEK_SET);
+-		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i,
++		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >=3D 4 for CVE-2017=
-11110 */
+ 						 1, sectorSize, newfile) !=3D sectorSize) {
+ 			fprintf(stderr, "Error read MSAT!\n");
+ 			ole_finish();
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index e8ae30cd6..537d01334 100644
=2D-- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -12,6 +12,7 @@
 ;;; Copyright =C2=A9 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright =C2=A9 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright =C2=A9 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright =C2=A9 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -409,6 +410,7 @@ runs Word\".")
               (method url-fetch)
               (uri (string-append "http://ftp.wagner.pp.ru/pub/catdoc/"
                                   "catdoc-" version ".tar.gz"))
+              (patches (search-patches "catdoc-CVE-2017-11110.patch"))
               (sha256
                (base32
                 "15h7v3bmwfk4z8r78xs5ih6vd0pskn0rj90xghvbzdjj0cc88jji"))))
=2D-=20
2.14.0


--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable


(I am re-sending this mail for the 3rd time since I didn't receive a
reply from debbugs. This time I decide to mail to guix-devel as well
just in case it doesn't work again.)=20

Cheers,
Alex

[0]: http://www.wagner.pp.ru/gitweb/?p=3Doss/catdoc.git;a=3Dsummary

--=-=-=--

--==-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEdZDkzSn0Cycogr9IxYq4eRf1Ea4FAlmOJvIACgkQxYq4eRf1
Ea7j9Q/9EKSmn1t9t0uCGujOAri5pORqXv2BdOdrte6Q3IfMnuOpsjzG7YjQJCgQ
d0+laYjpHL2kV9/QI5U6FKowPAksiCW2Amgj2x/5eDTVjFSV7emRynLaT4leTMBE
uXpdmhLTmO2rI1Fu4OTIfNGgYFDrqesZAg0njKzlKSSqA2XoLNUGG+DOxUvZQIb5
8tFeS6THe+Qq397btQlRXUhYHWM8fqcGY4QE999PjZt5jULCPXkxLfqbOdiNP6wa
xxgTpj8BfOv2P8cOWNnkvxjauLNq0cpdrB41JUM8NdvOavUpZ2uQFhfMa6BHkuxd
/FTZOUQQO8cCpN7h81exbdhr6doov0MjBpLQZ3MXte2m6l1zpUrSNUetMNDAFn2d
wKhzASgKqdk67zUT2CR3sOAXwxKc6hRbJ7cNxQfPK7/PhY0CqQSVtTCdYbu4Le+Y
AZG6DurLC3joO3N6XLt1fPg+zcwg2mO9SsBWCCycG3s7iT1LOa54pbJp/xtxCDc1
UZNnbRDcvQn2G5f0CcmJffEO0flZBiL8AJwNL6BAhtTLY4MV5Mu5ZMi6Vfqi24sN
lQtgsjgTGAqwwPnl0NkLRmo9xVSKZ26W3em5HqzwVnoSf/zvq/30vUgIW73D+PZY
kQExGMC5hFUbf9GPY0x91c1veyCkTbSDKNNPpKCJ8Wdi6h97bQ4=
=pyeT
-----END PGP SIGNATURE-----
--==-=-=--




From debbugs-submit-bounces@debbugs.gnu.org Sat Aug 12 12:21:38 2017
Received: (at 28058-done) by debbugs.gnu.org; 12 Aug 2017 16:21:38 +0000
Received: from localhost ([127.0.0.1]:57011 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1dgZAP-00038m-Sy
	for submit@debbugs.gnu.org; Sat, 12 Aug 2017 12:21:38 -0400
Received: from mail-pf0-f196.google.com ([209.85.192.196]:38406)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <alexvong1995@gmail.com>) id 1dgZAO-00038g-BX
 for 28058-done@debbugs.gnu.org; Sat, 12 Aug 2017 12:21:36 -0400
Received: by mail-pf0-f196.google.com with SMTP id h75so6075060pfh.5
 for <28058-done@debbugs.gnu.org>; Sat, 12 Aug 2017 09:21:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:in-reply-to:references:user-agent:date
 :message-id:mime-version;
 bh=ZNIW0U+Lyj2GbeAr2BR+eeqHQp+gChRFo0yhvlPFahs=;
 b=skv4cTmSwmV8DoBMtF3RcSpNR5MwJhecz0mHo5cRsfny/JtMnuiolEWJAug7IBZrmq
 t3at6HGMIO/XyXbgjsNAy8OdPZ+nkWX5qeD4LGCIWfhjN3UYehm9Xk5+biSLSBwUJnoA
 0uZLTuqvqqOhJFiozrVwuTiFc/P60RnNl8X+GHlS92YM1+cUl2n+rT+vpEtDdINfocdI
 Pw9bL0ZdwlozDSOprt/3+2kcvrjHin1clHcHKNxr9hOBewMYXj/I5/Nf3pO1qOryH9LZ
 uQsHqlFoXb2IZzKr0SzGNfPkDSAmaU05cxORMhJVN6GD6p9FPwxs9mmE3hNjlImyhsZ2
 aSCw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references
 :user-agent:date:message-id:mime-version;
 bh=ZNIW0U+Lyj2GbeAr2BR+eeqHQp+gChRFo0yhvlPFahs=;
 b=GDqlyqheqhslCqV6BN6d+CBdecXQg7W0K28N+0KI6M6eclNiCyFc0wr0JQg8p8BQF2
 2zy8VYzsJHrTGsJuwB4YJkkOt3496+OFWF+rpuSxoiScutRYZ2lgXos35czGv0gG1z3X
 uf02X+O+fQhO9HYPHR25/pPM3ynTQy1r09Bfp9xwKVQVKID+s6cJIk9UdCmxdBj9fI1T
 bEHnRS+z0GM7W3RyjigfrbIeryRyAkd5r02pwZCfAcM+4k1ZKWgXriFVCtCgwvBt6mmr
 SNnxLCxGOLfdvqHmy3urPlu/N/3AjcR3cyNk/1P8SseBsxvDJ8iqNkTiwLhYEsKguwCi
 W9dg==
X-Gm-Message-State: AHYfb5gGxI+y/PLIbrgJfTSuYHS5T8zgnRKF8POr9s8LeNdyWC4I37BJ
 ZNQ79nYXd5O5ew==
X-Received: by 10.99.115.94 with SMTP id d30mr18508719pgn.410.1502554890633;
 Sat, 12 Aug 2017 09:21:30 -0700 (PDT)
Received: from debian (pcd372024.netvigator.com. [203.218.162.24])
 by smtp.gmail.com with ESMTPSA id n19sm6876974pfi.35.2017.08.12.09.21.27
 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
 Sat, 12 Aug 2017 09:21:28 -0700 (PDT)
From: Alex Vong <alexvong1995@gmail.com>
To: Marius Bakke <mbakke@fastmail.com>
Subject: Re: [PATCH] gnu: catdoc: Fix CVE-2017-11110.
In-Reply-To: <878tio3o0y.fsf@fastmail.com> (Marius Bakke's message of "Sat, 12
 Aug 2017 15:37:33 +0200")
References: <87zib5pyby.fsf@gmail.com> <878tio3o0y.fsf@fastmail.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
Date: Sun, 13 Aug 2017 00:21:21 +0800
Message-ID: <87shgwpxj2.fsf@gmail.com>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -2.0 (--)
X-Debbugs-Envelope-To: 28058-done
Cc: guix-devel@gnu.org, 28058-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.0 (--)

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Marius Bakke <mbakke@fastmail.com> writes:

> Alex Vong <alexvong1995@gmail.com> writes:
>
>> Severity: important
>> Tags: patch security
>>
>> Hello,
>>
>> This patch fixes the latest CVE of catdoc. The upstream repo[0] is not
>> updated for more than a year, so I grab the patch from openSUSE instead
>> (which is also used by Debian).
>
> Thanks for this, pushed!
>
> [...]
>
Thanks!

>> (I am re-sending this mail for the 3rd time since I didn't receive a
>> reply from debbugs. This time I decide to mail to guix-devel as well
>> just in case it doesn't work again.)=20
>
> No idea what's up with that. Does it work if you omit the debbugs
> control headers? Perhaps processing is disabled for guix-patches, or
> something.

This time it works. I guess debbugs was doing some maintaince work hence
temporarily unavailable.

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEdZDkzSn0Cycogr9IxYq4eRf1Ea4FAlmPKwEACgkQxYq4eRf1
Ea4r7g//ZUBmrpKsI+emofK9hOIMzGNZrGUOLuozZyG1Je385E1YzbpXRs9T9jhN
6kWQp+eX8SBfsZMfGQUSO/Rq/3o0nKaqt9RRf9SjmPVG7r03y8BanMJ/f8r3UxKa
ALfdIOFgi44rkwvN13+QIXXAwPl2cbw70urkdOuVm+QMGQy44mKyqCW7KMJaKsoB
EvcUCuAaZ8Or7oCfGmr4agczLWWVl1omT65k72yMT9Dz3DRVDuHIxaBM9B9niYNx
fb6t99zvAsWfe+MELKX5ASotcXnVrl1P/D69mfRJhlueojeX+kznfuG58/6wSqD7
clJU/NVOCqiVdcgQ5mLYp5aL31kA+xoLqvP5vXeCivGs/6SwN+OWrKQhf9kJdTiX
P2wrjDhR9vZ8JoMHGmiE4j4uZiCYTEC8nTeOm5DUIYZSzk4MvSGaT7X67xT0nbEG
VYJfgaMXMTIrjrq2CYvjc7fT8QeXnOuINM/3GSRWD36vUk34s1g39ScQRz5F6iXv
Tivz8MIo5aU+c1NeybYEDEYdonDJvwEiT7gYdFkjOl4jyLdUlBrKQbEobvJ+2Pnu
M7nuRK80M/kVxAgYQupAwms8qKDBnqAvICgJYGuI2bnpZvi/CxYWEOJ5IOhTt5W8
yS2NpHb4sRLjpHwZGx3fKLFwoBl7EHlmAgxCLMkLzATi1tknKuE=
=p1j7
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Wed Jun 18 23:16:43 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Sun, 10 Sep 2017 11:24:03 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator