Package: openoffice.org Severity: grave Tags: security Hi Rene, the following CVE (Common Vulnerabilities & Exposures) id was published for openoffice.org. CVE-2007-4575[0]: | Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB) | Synopsis: users opening specially crafted database documents may allow | attackers to execute arbitrary static Java code State: Resolved 1. Impact | | A security vulnerability in HSQLDB, the default database engine shipped with | OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary | static Java code, by manipulating database documents to be opened by a user. | 2. Affected releases | | All versions prior to OpenOffice.org 2.3.1 3. Symptoms | | There are no predictable symptoms that would indicate this issue has occurred | 4. Relief/Workaround | | There is no workaround. See "Resolution" below. 5. Resolution | | This issue is addressed in the following releases: | | HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1 If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://www.openoffice.org/security/cves/CVE-2007-4575.html Kind regards Nico -- Nico Golde - http://www.ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
Attachment:
pgp_IFGwmH1Wn.pgp
Description: PGP signature