
Bug#405679: Buffer overflows in EnhWMFReader::ReadEnhWMF and WMFReader::ReadRecordParams




retitle 405679 Buffer overflows in EnhWMFReader::ReadEnhWMF and WMFReader::ReadRecordParams
severity 405679 grave
close 405679 2.0.4-1
thanks

[ sorry for the reference to the same bugnr. My error, cut'n'pasted the
 wrong nr
 And I also confused two distinct issues - I meant #404105 but that's
 something else. I didn't think of anyone coming with this old thing
 now..
 But it's still not critical anyway ]

Hi,

Rene Engelhard wrote:
> > The security issue and a patch were described at
> > http://www.openoffice.org/issues/show_bug.cgi?id=70042. From what is
> > written, this vulnerability can be used to execute any code on the
> > vulnerable system. Please check, if Debian is affected and if Sarge is
> > affected too.

Sarge is but the fix is already at the security team (just that NGS
decided to make the issue public just the time Joey is not
available....).
"Debian" (I think you wanted to say etch/sid/experimental) isn't affected since
2.0.4-1 (yes, that's NO typo) the patch already was included.

(by looking at the diff and seeing cmcfixes28 mentioned there would have
helped, too, if you were grepping the changelog anyway you also could
have grepped the diff or the apply file, but anyway...)

The next upload will have the backport and the CVE mentioned, which I didn't
do yet because the issue was embargoed till some days ago (where I was
on vacation..).

Regards,

Rene