Bug#309749: openoffice.org: Heap overflow
Package: openoffice.org
Version: 1.1.3-8
Severity: grave
Justification: user security hole
The security update fixes a buffer overflow in OpenOffice_org
Microsoft Word document reader which could allow a remote attacker
sending a handcrafted .doc file to execute code as the user
opening the document in OpenOffice.
This is tracked by the Mitre CVE ID CAN-2005-0941.
http://download.openoffice.org/1.1.4/security_patch.html
http://www.securityfocus.com/archive/1/395516
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=nl_NL@euro, LC_CTYPE=nl_NL@euro (charmap=ISO-8859-15)
Versions of packages openoffice.org depends on:
ii dictionaries-common [openoffi 0.25.3 Common utilities for spelling dict
ii openoffice.org-bin 1.1.3-8 OpenOffice.org office suite binary
ii openoffice.org-debian-files 1.1.3-8+1 Debian specific parts of OpenOffic
ii openoffice.org-l10n-de [openo 1.1.3-8 German language package for OpenOf
ii openoffice.org-l10n-en [openo 1.1.3-8 English (US) language package for
ii openoffice.org-l10n-es [openo 1.1.3-8 Spanish language package for OpenO
ii openoffice.org-l10n-nl [openo 1.1.3-8 Dutch language package for OpenOff
ii ttf-opensymbol 1.1.3-8 The OpenSymbol TrueType font
ii xml-core 0.09 XML infrastructure and XML catalog
-- no debconf information
Reply to: