TALOS Security Advisory for catdoc

[CiscoTalos]

Hello, the Cisco Talos team found security vulnerabilities affecting Victor Wagner products. As this is a sensitive security issue, this message is to request a PGP key for further communication. Please acknowledge receipt of this message, and let us know where to send security issues.

For further information about the Cisco Vendor Vulnerability Reporting and Disclosure Policy please refer to this document which also links to our public PGP key. https://tools.cisco.com/security/center/resources/vendor_vulnerability_policy.html

[CiscoTalos]

The details were sent to you by email on January 16th. Please let us know if there are any questions.

[skierpage]

Hey @CiscoTalos , sadly user @vbwagner seems unreachable since around 2016.

Of the various Linux packagers, it seems Martina Ferrari for Debian has been best at maintaining catdoc patches, including some CVE patches.

I'm fitfully trying to maintain a Github fork of this with all the Debian patches and some more cleanup. I'll happily attempt to rectify your vulnerability; I have a GPG key on GitHub.

[CiscoTalos]

Thank you for the reply @skierpage ! I just now reached out to Tina.