please unblock OOo 3.2.1-11+squeeze2 for CVE-2010-3450
Hi,
*sigh*. Obviously when preparing the first security update for squeeze/sid in
August I was not concentrated enough, and on rechecking the diff I must have
simply overseen it :/
The patch itself is there and applied but it's not picked up by the build
because one hunk is missing.
After discussion with the testing-security people (Raphael Geissert) it was
decided to fix this with a -12 (well, I've choosen 11+squeeze2) upload to sid.
There we go; please
unblock openoffice.org/1:3.2.1-11+squeeze2
Diff attached.
(I moved the patch down in series, otherwise I'd have needed some context
adaptions and I wanted to keep it minimal)
Sorry for this late update, but I think this should be in 6.0.0...
Grüße/Regards,
René
--
.''`. René Engelhard -- Debian GNU/Linux Developer
: :' : http://www.debian.org | http://people.debian.org/~rene/
`. `' rene@debian.org | GnuPG-Key ID: D03E3E70
`- Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70
diff -Nru openoffice.org-3.2.1/debian/changelog openoffice.org-3.2.1/debian/changelog
--- openoffice.org-3.2.1/debian/changelog 2011-01-05 22:22:56.000000000 +0100
+++ openoffice.org-3.2.1/debian/changelog 2011-01-26 01:57:09.000000000 +0100
@@ -1,3 +1,11 @@
+openoffice.org (1:3.2.1-11+squeeze2) unstable; urgency=high
+
+ * debian/patches/tread-invalid-path-segments-correctly.diff: gah,
+ actually add hunk to patch patches/dev300/apply to actually apply
+ the patch - thanks Kees Cook; make properly apply
+
+ -- Rene Engelhard <rene@debian.org> Wed, 26 Jan 2011 00:50:53 +0000
+
openoffice.org (1:3.2.1-11+squeeze1) testing-security; urgency=high
* debian/patches/tread-invalid-path-segments-correctly.diff:
diff -Nru openoffice.org-3.2.1/debian/patches/series openoffice.org-3.2.1/debian/patches/series
--- openoffice.org-3.2.1/debian/patches/series 2011-01-05 23:08:55.000000000 +0100
+++ openoffice.org-3.2.1/debian/patches/series 2011-01-26 01:46:58.000000000 +0100
@@ -13,7 +13,7 @@
pdf-link-export-fix.diff
set-correct-default-formula-syntax.diff
slideshow-clipfix.diff
-tread-invalid-path-segments-correctly.diff
cws-hb22.diff
security-fixes-from-cws-os145.diff
security-fixes-from-cws-impress208.diff
+tread-invalid-path-segments-correctly.diff
diff -Nru openoffice.org-3.2.1/debian/patches/tread-invalid-path-segments-correctly.diff openoffice.org-3.2.1/debian/patches/tread-invalid-path-segments-correctly.diff
--- openoffice.org-3.2.1/debian/patches/tread-invalid-path-segments-correctly.diff 2010-09-05 17:54:12.000000000 +0200
+++ openoffice.org-3.2.1/debian/patches/tread-invalid-path-segments-correctly.diff 2011-01-26 01:49:07.000000000 +0100
@@ -90,7 +90,7 @@
+--- ucb/source/ucp/package/makefile.mk Mon Jul 26 18:27:06 2010 +0200
++++ ucb/source/ucp/package/makefile.mk Tue Aug 10 11:05:20 2010 +0200
+@@ -68,6 +68,7 @@
-+ SHL1VERSIONMAP=$(SOLARENV)/src/component.map
++ SHL1VERSIONMAP=exports.map
+
+ SHL1STDLIBS=\
++ $(COMPHELPERLIB) \
@@ -202,3 +202,13 @@
+ }
+ }
+
+--- openoffice.org-3.2.1/ooo-build-3-2-1-4/patches/dev300/apply-old 2011-01-26 00:47:59.000000000 +0000
++++ openoffice.org-3.2.1/ooo-build-3-2-1-4/patches/dev300/apply 2011-01-26 00:48:12.000000000 +0000
+@@ -4096,6 +4096,7 @@
+
+ [ Security ]
+ SA40775.diff
++tread-invalid-path-segments-correctly.diff
+ cws-hb22.diff
+ security-fixes-from-cws-os145.diff
+ security-fixes-from-cws-impress208.diff
Reply to: