
Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files



found 454463 2.0.4.dfsg-7etch2
close 454463 2.0.4.dfsg-7etch4
found 454463 2.2.1-10
found 454463 1:2.3.0.dfsg-1
close 454463 1:2.3.1~rc1-1
thanks

Hi,

Nico Golde wrote:
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for openoffice.org.
> 
> CVE-2007-4575[0]:
> | Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)
> | Synopsis: users opening specially crafted database documents may allow
> | attackers to execute arbitrary static Java code
> | State: Resolved
> |
> | 1. Impact
> |
> | A security vulnerability in HSQLDB, the default database engine shipped with
> | OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary
> | static Java code, by manipulating database documents to be opened by a user.
> |
> | 2. Affected releases
> |
> | All versions prior to OpenOffice.org 2.3.1
> |
> | 3. Symptoms
> |
> | There are no predictable symptoms that would indicate this issue has occurred
> |
> | 4. Relief/Workaround
> |
> | There is no workaround. See "Resolution" below.
> |
> | 5. Resolution
> |
> | This issue is addressed in the following releases:
> |
> | HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1
> 
> If you fix this vulnerability please also include the CVE id
> in your changelog entry.
> 
> For further information:
> [0] http://www.openoffice.org/security/cves/CVE-2007-4575.html

Yep. Already known to me since Oct, 04 :)

The version in experimental (and hsqldb 1.8.0.9-x) is fixed. 1:2.3.1-1
hangs in NEW, though (it will add the CVE mentioning to 1:2.3.1~rc1-1's
changelog).

Joey already has fixed versions for etch (-7etch4), just the DSA needs
sending out..

Closing with the appropriate versions.

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  rene@debian.org | GnuPG-Key ID: 248AEB73
   `-   Fingerprint: 41FA F208 28D4 7CA5 19BB  7AD9 F859 90B0 248A EB73
