[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#405679: Buffer overflows in EnhWMFReader::ReadEnhWMF and WMFReader::ReadRecordParams

Package: openoffice.org
Version: 2.0.4.dfsg.2-2
Severity: critical
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The security issue and a patch were described at
http://www.openoffice.org/issues/show_bug.cgi?id=70042. From what is
written, this vulnerability can be used to execute any code on the
vulnerable system. Please check, if Debian is affected and if Sarge is
affected too.

Grepping through the changelog and the BTS made me think, that this
issue hasn't been fixed in Debian yet.

Regards, Daniel


- -- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.09060920
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages openoffice.org depends on:
ii  openoffice.org-base       2.0.4.dfsg.2-2 OpenOffice.org office suite - data
ii  openoffice.org-calc       2.0.4.dfsg.2-2 OpenOffice.org office suite - spre
ii  openoffice.org-core       2.0.4.dfsg.2-2 OpenOffice.org office suite archit
ii  openoffice.org-draw       2.0.4.dfsg.2-2 OpenOffice.org office suite - draw
ii  openoffice.org-impress    2.0.4.dfsg.2-2 OpenOffice.org office suite - pres
ii  openoffice.org-java-commo 2.0.4.dfsg.2-2 OpenOffice.org office suite Java s
ii  openoffice.org-math       2.0.4.dfsg.2-2 OpenOffice.org office suite - equa
ii  openoffice.org-writer     2.0.4.dfsg.2-2 OpenOffice.org office suite - word

openoffice.org recommends no packages.

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFnmG/m0bx+wiPa4wRAufwAJ9kX+kY+bqyg+U+zo+I4QvRrRdXNwCfUXUh
y1RDHjj+MoJyyAXh4l4MVJI=
=NblS
-----END PGP SIGNATURE-----
Reply to: