Rene Engelhard uploaded a new package for openoffice.org which fixed the
following security problems:
CVE-2010-0136
It was discovered that macro security settings were insufficiently
enforced for VBA macros.
CVE-2009-0217
It was discovered that the W3C XML Signature recommendation
contains a protocol-level vulnerability related to HMAC output
truncation. This also affects the integrated libxmlsec library.
CVE-2009-2949
Sebastian Apelt discovered that an integer overflow in the XPM
import code may lead to the execution of arbitrary code.
CVE-2009-2950
Sebastian Apelt and Frank Reissner discovered that a buffer
overflow in the GIF import code may lead to the execution of
arbitrary code.
CVE-2009-3301/CVE-2009-3302
Nicolas Joly discovered multiple vulnerabilities in the parser for
Word document files, which may lead to the execution of arbitrary
code.
For the lenny-backports distribution (etch), these problems have been fixed in
version 1:3.1.1-15+squeeze1~bpo50+1.
Upgrade instructions
---------------------
If you don't use pinning (see [1]) you have to update redmine
manually via "apt-get -t lenny-backports install redmine".
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>
We recommend to pin the backports repository to 200 so that new versions
of installed backports will be installed automatically:
Package: *
Pin: release a=lenny-backports
Pin-Priority: 200
Attachment:
signature.asc
Description: Digital signature