[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#309749: openoffice.org: Heap overflow

Package: openoffice.org
Version: 1.1.3-8
Severity: grave
Justification: user security hole

The security update fixes a buffer overflow in OpenOffice_org
Microsoft Word document reader which could allow a remote attacker
sending a handcrafted .doc file to execute code as the user
opening the document in OpenOffice.

This is tracked by the Mitre CVE ID CAN-2005-0941.

http://download.openoffice.org/1.1.4/security_patch.html
http://www.securityfocus.com/archive/1/395516

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=nl_NL@euro, LC_CTYPE=nl_NL@euro (charmap=ISO-8859-15)

Versions of packages openoffice.org depends on:
ii  dictionaries-common [openoffi 0.25.3     Common utilities for spelling dict
ii  openoffice.org-bin            1.1.3-8    OpenOffice.org office suite binary
ii  openoffice.org-debian-files   1.1.3-8+1  Debian specific parts of OpenOffic
ii  openoffice.org-l10n-de [openo 1.1.3-8    German language package for OpenOf
ii  openoffice.org-l10n-en [openo 1.1.3-8    English (US) language package for 
ii  openoffice.org-l10n-es [openo 1.1.3-8    Spanish language package for OpenO
ii  openoffice.org-l10n-nl [openo 1.1.3-8    Dutch language package for OpenOff
ii  ttf-opensymbol                1.1.3-8    The OpenSymbol TrueType font
ii  xml-core                      0.09       XML infrastructure and XML catalog

-- no debconf information
Reply to: