
Bug#304412: marked as done (CAN-2005-0941: "OpenOffice DOC document Heap Overflow")



Your message dated Wed, 20 Apr 2005 02:00:19 -0700
with message-id <20050420090014.GB9135@mauritius.dodds.net>
and subject line CAN-2005-0941: "OpenOffice DOC document Heap Overflow"
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 12 Apr 2005 22:38:51 +0000
>From rene.engelhard@gmx.de Tue Apr 12 15:38:51 2005
Return-path: <rene.engelhard@gmx.de>
Received: from imap.gmx.net (mail.gmx.net) [213.165.64.20] 
	by spohr.debian.org with smtp (Exim 3.35 1 (Debian))
	id 1DLU1z-00053D-00; Tue, 12 Apr 2005 15:38:51 -0700
Received: (qmail invoked by alias); 12 Apr 2005 22:38:19 -0000
Received: from dsl-084-056-110-083.arcor-ip.net (EHLO localhost) [84.56.110.83]
  by mail.gmx.net (mp002) with SMTP; 13 Apr 2005 00:38:19 +0200
X-Authenticated: #1545045
Received: by localhost (Postfix, from userid 1000)
	id 3E4986A1F0; Wed, 13 Apr 2005 00:38:16 +0200 (CEST)
Date: Wed, 13 Apr 2005 00:38:16 +0200
From: Rene Engelhard <rene@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CAN-2005-0941: "OpenOffice DOC document Heap Overflow"
Message-ID: <20050412223816.GA17963@rene-engelhard.de>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="cWoXeonUoKmBZSoM"
Content-Disposition: inline
X-Reportbug-Version: 3.9
X-PGP-Key: 248AEB73
X-PGP-Fingerprint: 41FA F208 28D4 7CA5 19BB  7AD9 F859 90B0 248A EB73
User-Agent: Mutt/1.5.9i
X-Y-GMX-Trusted: 0
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: openoffice.org
Version: 1.1.3-8
Severity: grave
Justification: user security hole
Tags: sarge sid experimental pending

From full-disclosure (http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0218.html):

OpenOffice DOC document Heap Overflow
[Security Advisory]

Advisory:[AD_LAB-05001] OpenOffice DOC document Heap Overflow
Class: Design Error
DATE:30/3/2005
CVEID:CAN-2005-0941
Vulnerable:
    <=OpenOffice OpenOffice 1.1.4
    -OpenOffice OpenOffice 2.0dev

Unvulnerable:
    Unknown
Vendor:
     www.openoffice.org

I.DESCRIPTION:
-------------
     OpenOffice.org is an office productivity suite, including word
processing, spreadsheets, presentations, drawings, data charting,
formula editing, and file conversion facilities.
The vulnerability is caused due to an error within the .Doc document header
processing. This can be exploited to cause a heap-based buffer overflow.
[...]

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (400, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages openoffice.org depends on:
ii  dictionaries-common [openoffi 0.25.4     Common utilities for spelling dict
ii  openoffice.org-bin            1.1.3-8    OpenOffice.org office suite binary
ii  openoffice.org-debian-files   1.1.3-8+1  Debian specific parts of OpenOffic
ii  openoffice.org-l10n-de [openo 1.1.3-8    German language package for OpenOf
ii  openoffice.org-l10n-en [openo 1.1.3-8    English (US) language package for
ii  ttf-opensymbol                1.1.3-8    The OpenSymbol TrueType font
ii  xml-core                      0.09       XML infrastructure and XML catalog

-- no debconf information

--cWoXeonUoKmBZSoM--

---------------------------------------
Received: (at 304412-done) by bugs.debian.org; 20 Apr 2005 09:00:19 +0000
>From vorlon@debian.org Wed Apr 20 02:00:19 2005
Return-path: <vorlon@debian.org>
Received: from dsl093-039-086.pdx1.dsl.speakeasy.net (localhost.localdomain) [66.93.39.86] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1DOB4F-0003KY-00; Wed, 20 Apr 2005 02:00:19 -0700
Received: by localhost.localdomain (Postfix, from userid 1000)
	id 3BA05172A57; Wed, 20 Apr 2005 02:00:19 -0700 (PDT)
Date: Wed, 20 Apr 2005 02:00:19 -0700
From: Steve Langasek <vorlon@debian.org>
To: 304412-done@bugs.debian.org
Subject: Re: CAN-2005-0941: "OpenOffice DOC document Heap Overflow"
Message-ID: <20050420090014.GB9135@mauritius.dodds.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
User-Agent: Mutt/1.5.6+20040907i
Delivered-To: 304412-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level: 


--eAbsdosE1cNLO4uF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi all,

OOo 1.1.3-9 has been built on all architectures now, and (barring any sudden
new uploads of the package between now and dinstall) will make its way into
testing tomorrow.

Cheers,
-- 
Steve Langasek
postmodern programmer

--eAbsdosE1cNLO4uF--


