./packages/libreoffice/3.3.0/experimental r2350: mention fixed security issues
------------------------------------------------------------
revno: 2350
committer: Rene Engelhard <rene@debian.org>
branch nick: debian
timestamp: Tue 2011-01-25 12:42:28 +0100
message:
mention fixed security issues
modified:
changelog
=== modified file 'changelog'
--- a/changelog 2011-01-25 11:42:09 +0000
+++ b/changelog 2011-01-25 11:42:28 +0000
@@ -25,6 +25,8 @@
openoffice.org-common (<< 1:3.3.0~)
* debian/libreoffice-common.preinst.in: rm_conffile
/etc/bash_completion.d/ooffice.sh if upgrading from older libreoffice-common
+ * debian/changelog: mention fixed security issues in previous changelog
+ entries
-- Rene Engelhard <rene@debian.org> Mon, 24 Jan 2011 01:56:24 +0100
@@ -56,6 +58,12 @@
libreoffice (1:3.3.0~rc3-1) experimental; urgency=low
* LibreOffice 3.3.0 rc3
+ - includes OpenOffice.org 3.3.0 release branch milestone 19, so:
+ + fixes CVE-2010-3702 and CVE-2010-3704 for the (unused) internal
+ xpdf copy
+ + fixes CVE-2010-4494 for the (unused) internal libxml2 copy
+ + fixes possible heap overflow when reading manipulated TGA images
+ (CVE-2010-4643)
* debian/patches/java-common-message-LibreOffice.diff: fix patched-in
java-common message to say libreoffice-java-common (closes: #609660)
@@ -152,6 +160,7 @@
libreoffice (1:3.3.0~rc2-1) experimental; urgency=low
* LibreOffice 3.3.0 rc2
+ - fixes CVE-2010-4008 for the (unused) internal libxml2 copy
- fix config path in soffice (closes: #606432)
- includes OpenOffice.org 3.3.0 release branch milestone 18, so:
+ fixes export of group shapes to ppt (closes: #607377)
@@ -194,6 +203,8 @@
libreoffice (1:3.3.0~rc1-1) experimental; urgency=low
* LibreOffice 3.3.0 rc1
+ - includes OpenOffice.org 3.3.0 release branch milestone 17, so:
+ + fixes CVE-2010-4253: Heap based buffer overflow, PPT files.
* debian/patches/splash-progressbarcolor.diff: update for new artwork
* debian/patches/buildfix-patches.diff: remove
@@ -250,6 +261,16 @@
* LibreOffice 3.3 beta3
- Set correct default formula syntax value in case it's not
explicitly set (closes: #527535)
+ - includes OpenOffice.org 3.3.0 release branch milestone 10, so:
+ + fixes several vulerabilities:
+ . soffice script does not treat empty LD_LIBRARY_PATH like unset one
+ (CVE-2010-3689)
+ . Crash in WW8DopTypography::ReadFromMem (CVE-2010-3454)
+ . Crash in SwRTFParser::ReadNumSecLevel (CVE-2010-3452)
+ . Out of bounds write in WW8ListManager::WW8ListManager()
+ (CVE-2010-3453)
+ . Loading certain RTF document leads to corrupt table model
+ (CVE-2010-3451)
* debian/patches/buildfix-patches.diff:
openoffice.org-report-builder -> libreoffice-report-builder
@@ -321,6 +342,7 @@
- includes OpenOffice.org 3.3.0 release branch milestone 9, so:
+ fixes hebrew text in sheet tabs when using system fonts
(closes: #433231)
+ + fixes directory traversal vulnerability in OOo (CVE-2010-3450)
* switch to new LibreOffice build infrastructure (more or less ooo-build,
though), update Homepage:.
Reply to: