Fix CVE-2017-11110:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
https://bugzilla.redhat.com/show_bug.cgi?id=1468471
https://security-tracker.debian.org/tracker/CVE-2017-11110

Patch copied from openSUSE:

https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1

From: Andreas Stieger <astieger@suse.com>
Date: Mon, 10 Jul 2017 15:37:58 +0000
References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877

All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4.

---
 src/ole.c |    5 +++++
 1 file changed, 5 insertions(+)

Index: catdoc-0.95/src/ole.c
===================================================================
--- catdoc-0.95.orig/src/ole.c	2016-05-25 06:37:12.000000000 +0200
+++ catdoc-0.95/src/ole.c	2017-07-10 17:42:33.578308107 +0200
@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si
 		return NULL;
 	}
  	sectorSize = 1<<getshort(oleBuf,0x1e);
+	/* CVE-2017-11110) */
+ 	if (sectorSize < 4) {
+		fprintf(stderr,"sectorSize < 4 not supported\n");
+		return NULL;
+	}
 	shortSectorSize=1<<getshort(oleBuf,0x20);
 
 /* Read BBD into memory */
@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si
 		}
 
 		fseek(newfile, 512+mblock*sectorSize, SEEK_SET);
-		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i,
+		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >= 4 for CVE-2017-11110 */
 						 1, sectorSize, newfile) != sectorSize) {
 			fprintf(stderr, "Error read MSAT!\n");
 			ole_finish();

<input type='hidden' name='id' value='006a1da8a6e1da8eefc4e57cf4eb21a0cff53e25'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=006a1da8a6e1da8eefc4e57cf4eb21a0cff53e25'>root</a>/<a href='/guix/log/scripts?id=006a1da8a6e1da8eefc4e57cf4eb21a0cff53e25'>scripts</a>/<a href='/guix/log/scripts/guix.in?id=006a1da8a6e1da8eefc4e57cf4eb21a0cff53e25'>guix.in</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/scripts/guix.in?id=006a1da8a6e1da8eefc4e57cf4eb21a0cff53e25&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2018-06-09 12:02:27 +0200'>2018-06-09</span></td><td><a href='/guix/commit/scripts/guix.in?id=75e24d7b0e19ab2164aecb340e82d07d2b9714e7'>pull: Install the new Guix in a profile.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2018-01-28 23:14:55 +0100'>2018-01-28</span></td><td><a href='/guix/commit/scripts/guix.in?id=63666a348af5ef5190cbe9611c40f2b9188b7967'>guix: Let Emacs detect “scripts/guix.in” appropriate mode.</a><span class='msg-avail'>...</span></td><td>Mathieu Lirzin</td></tr>
<tr><td><span title='2018-01-23 15:01:15 +0100'>2018-01-23</span></td><td><a href='/guix/commit/scripts/guix.in?id=6f774d481839f87178c5895ac2d661e141f879b8'>guix: Refactor script.</a><span class='msg-avail'>...</span></td><td>Mathieu Lirzin</td></tr>
<tr><td><span title='2018-01-23 10:13:16 +0100'>2018-01-23</span></td><td><a href='/guix/commit/scripts/guix.in?id=cba386c1295b7054df22dfb4662b1b92f668e2c0'>build: Expand ‘scripts/guix’ at Make time.</a><span class='msg-avail'>...</span></td><td>Mathieu Lirzin</td></tr>
<tr><td><span title='2017-03-20 23:26:18 +0100'>2017-03-20</span></td><td><a href='/guix/commit/scripts/guix.in?id=9437fd7399425ed281e1bfc13240288ba9078caa'>build: Install .go files to $libdir/guile/X.Y.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2016-04-06 23:21:26 +0200'>2016-04-06</span></td><td><a href='/guix/commit/scripts/guix.in?id=7cffaeb60473e25a7ef8c1a8cb36e1531191873a'>challenge: Really exit with non-zero upon hash mismatch.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2014-06-14 22:55:59 +0200'>2014-06-14</span></td><td><a href='/guix/commit/scripts/guix.in?id=243cea2461e3f260cef2c702689252a54858fdfc'>guix: Look for "guix-packages" messages in $localedir.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2018-06-09	pull: Install the new Guix in a profile....	Ludovic Courtès
2018-01-28	guix: Let Emacs detect “scripts/guix.in” appropriate mode....	Mathieu Lirzin
2018-01-23	guix: Refactor script....	Mathieu Lirzin
2018-01-23	build: Expand ‘scripts/guix’ at Make time....	Mathieu Lirzin
2017-03-20	build: Install .go files to $libdir/guile/X.Y....	Ludovic Courtès
2016-04-06	challenge: Really exit with non-zero upon hash mismatch....	Ludovic Courtès
2014-06-14	guix: Look for "guix-packages" messages in $localedir....	Ludovic Courtès