[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#304808: marked as done (openoffice.org: Security vulnerability in opening .doc files)



Your message dated Fri, 15 Apr 2005 17:21:35 +0100
with message-id <200504151721.36068.halls@debian.org>
and subject line Bug#304808: openoffice.org: Security vulnerability in opening .doc files
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 15 Apr 2005 15:44:07 +0000
>From jay@ahpcrc.org Fri Apr 15 08:44:06 2005
Return-path: <jay@ahpcrc.org>
Received: from sal.ahpcrc.org [144.34.1.1] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DMSzG-0001kt-00; Fri, 15 Apr 2005 08:44:06 -0700
Received: from ahpcrc.org (mycroft.ahpcrc.org [144.34.9.34])
	by sal.ahpcrc.org (Postfix) with ESMTP id 3481872E9
	for <submit@bugs.debian.org>; Fri, 15 Apr 2005 10:44:04 -0500 (CDT)
Received: from localhost (localhost [127.0.0.1])
	by ahpcrc.org (Postfix) with ESMTP id 555DDAB0A0
	for <submit@bugs.debian.org>; Fri, 15 Apr 2005 10:44:04 -0500 (CDT)
Received: from ahpcrc.org ([127.0.0.1])
	by localhost (mycroft.ahpcrc.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 32594-02 for <submit@bugs.debian.org>;
	Fri, 15 Apr 2005 10:44:01 -0500 (CDT)
Received: from testfai.ncs.ahpcrc.org (testfai.ncs.ahpcrc.org [144.34.33.121])
	by ahpcrc.org (Postfix) with ESMTP id 93BCDAB09F
	for <submit@bugs.debian.org>; Fri, 15 Apr 2005 10:44:01 -0500 (CDT)
Received: by testfai.ncs.ahpcrc.org (Postfix, from userid 2434)
	id CECA04E00FC; Fri, 15 Apr 2005 10:44:01 -0500 (CDT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Jay Kline <jay@ahpcrc.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: openoffice.org: Security vulnerability in opening .doc files
X-Mailer: reportbug 3.8
Date: Fri, 15 Apr 2005 10:44:01 -0500
Message-Id: <20050415154401.CECA04E00FC@testfai.ncs.ahpcrc.org>
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at ahpcrc.org
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

Package: openoffice.org
Version: 1.1.3-7
Severity: grave
Tags: security patch
Justification: user security hole

Recently, SecurityFocus announced a vulnerability in OpenOffice version
1.1.4 and all prior versions.  (http://www.securityfocus.com/archive/1/395516)
This allows a mallicous DOC file to execute arbatrary code as the user
running openoffice.  A patch has been posted for version 1.1.4, but no
patch exists for 1.1.3- users are recomended to upgrade. 
See http://download.openoffice.org/1.1.4/security_patch.html for details
and the patch provided.

-

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.29-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages openoffice.org depends on:
ii  dictionaries-common [openoffi 0.24.10    Common utilities for spelling dict
ii  openoffice.org-bin            1.1.3-7    OpenOffice.org office suite binary
ii  openoffice.org-debian-files   1.1.3-5+1  Debian specific parts of OpenOffic
ii  openoffice.org-l10n-en [openo 1.1.3-7    English (US) language package for 
ii  ttf-opensymbol                1.1.3-7    The OpenSymbol TrueType font

-- no debconf information

---------------------------------------
Received: (at 304808-close) by bugs.debian.org; 15 Apr 2005 16:21:42 +0000
>From halls@debian.org Fri Apr 15 09:21:42 2005
Return-path: <halls@debian.org>
Received: from moutng.kundenserver.de [212.227.126.186] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DMTZd-0005ZE-00; Fri, 15 Apr 2005 09:21:41 -0700
Received: from i-83-67-20-196.freedom2surf.net[83.67.20.196] (helo=feathers.thehalls.de)
	by mrelayeu.kundenserver.de with ESMTP (Nemesis),
	id 0MKwtQ-1DMTZc2e5H-0001D7; Fri, 15 Apr 2005 18:21:40 +0200
Received: by feathers.thehalls.de (Postfix, from userid 1050)
	id AF1538009; Fri, 15 Apr 2005 17:21:36 +0100 (BST)
From: Chris Halls <halls@debian.org>
To: 304808-close@bugs.debian.org
Subject: Re: Bug#304808: openoffice.org: Security vulnerability in opening .doc files
Date: Fri, 15 Apr 2005 17:21:35 +0100
User-Agent: KMail/1.7.2
References: <20050415154401.CECA04E00FC@testfai.ncs.ahpcrc.org>
In-Reply-To: <20050415154401.CECA04E00FC@testfai.ncs.ahpcrc.org>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200504151721.36068.halls@debian.org>
X-Provags-ID: kundenserver.de abuse@kundenserver.de login:b46e2b357ea7d4f6cadf4c99fb902606
Delivered-To: 304808-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 

On Friday 15 Apr 2005 16:44, Jay Kline wrote:
> Package: openoffice.org
> Version: 1.1.3-7

Already fixed in 1.1.3-9, thanks



Reply to: