Bug#405679: Buffer overflows in EnhWMFReader::ReadEnhWMF and WMFReader::ReadRecordParams
Package: openoffice.org
Version: 2.0.4.dfsg.2-2
Severity: critical
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The security issue and a patch were described at
http://www.openoffice.org/issues/show_bug.cgi?id=70042. From what is
written, this vulnerability can be used to execute any code on the
vulnerable system. Please check, if Debian is affected and if Sarge is
affected too.
Grepping through the changelog and the BTS made me think, that this
issue hasn't been fixed in Debian yet.
Regards, Daniel
- -- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.09060920
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages openoffice.org depends on:
ii openoffice.org-base 2.0.4.dfsg.2-2 OpenOffice.org office suite - data
ii openoffice.org-calc 2.0.4.dfsg.2-2 OpenOffice.org office suite - spre
ii openoffice.org-core 2.0.4.dfsg.2-2 OpenOffice.org office suite archit
ii openoffice.org-draw 2.0.4.dfsg.2-2 OpenOffice.org office suite - draw
ii openoffice.org-impress 2.0.4.dfsg.2-2 OpenOffice.org office suite - pres
ii openoffice.org-java-commo 2.0.4.dfsg.2-2 OpenOffice.org office suite Java s
ii openoffice.org-math 2.0.4.dfsg.2-2 OpenOffice.org office suite - equa
ii openoffice.org-writer 2.0.4.dfsg.2-2 OpenOffice.org office suite - word
openoffice.org recommends no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFFnmG/m0bx+wiPa4wRAufwAJ9kX+kY+bqyg+U+zo+I4QvRrRdXNwCfUXUh
y1RDHjj+MoJyyAXh4l4MVJI=
=NblS
-----END PGP SIGNATURE-----
Reply to: