
Re: fixing CVE-2010-0395 for testing



[ -release readers: the original, including the diff, can be found at
http://lists.debian.org/debian-security/2010/06/msg00001.html ]

On Sun, 2010-06-06 at 12:48 +0000, Rene Engelhard wrote: 
> I could have uploaded 1:3.2.1-11 to sid just it won't go into testing
> due to http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=584545 and even
> if that would be fixed we'd wait behind gcc-defaults which waits for
> gcc-4.4 which waits for eglibc. And OOo 3.2.1 also has important fixes,
> so I decided to upload that to sid directly.
[...] 
> openoffice.org (1:3.2.0-11) unstable; urgency=high
> 
>   * debian/patches/extensions-mozilla-plugin-pc-if-libxul.diff: remove
>     again ..
>   * debian/patches/fix-bashisms-in-configure.diff: in favour of the
>     correct fix (== vs. = breaking with dash)
>   * debian/patches/avoid-execution-of-python-macros-when-browsing.diff:
>     avoid execution of python code when browsing macros (CVE-2010-0395)
> 
>   * debian/rules:
>     - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but
>       to actually add it to OOO_MOZILLA_ARCHS
> 
>  -- Rene Engelhard <rene@debian.org>  Mon, 31 May 2010 22:50:07 +0200
> 
> (I of course will fix the .changes to contain testing or testing-security)

Overall, I don't see a problem with fixing this via t-p-u, if that's the
route you'd prefer to take.  Looking through the diff, I did spot a
couple of things that weren't directly mentioned in the changelog - one
of the packages has had a duplicated architecture name removed from its
arch list and the build-dependencies have been modified which clutters
the diff a little; after some reformatting, it appears that the latter
change is basically:

-xulrunner-dev [i386 mips mipsel powerpc s390 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
-libnss3-dev (>= 3.12.3) [i386 mips mipsel powerpc s390 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
+xulrunner-dev [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
+libnss3-dev (>= 3.12.3) [i386 mips mipsel powerpc s390 kfreebsd-i386 alpha amd64 kfreebsd-amd64 armel hppa ia64 ppc64 s390x sparc]
 dmake (>= 1:4.11)
-mono-devel (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386]
-libmono-dev (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386]
-mono-utils (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386]
-cli-common-dev (>= 0.5.7) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64 kfreebsd-i386] 
+mono-devel (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
+libmono-dev (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
+mono-utils (>= 2.4.2.3) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
+cli-common-dev (>= 0.5.7) [i386 kfreebsd-i386 amd64 kfreebsd-amd64 ia64]
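
Review bot: the `kfreebsd-i386` additions on the `xulrunner-dev` and `libnss3-dev` lines change the build-dependencies for that architecture, but the changelog entry only mentions a variable fix in debian/rules. The changelog should state the resulting build-dependency change explicitly: `kfreebsd-i386` is added to the `xulrunner-dev` and `libnss3-dev` arch lists, and the duplicated `kfreebsd-i386` is dropped from the `mono-devel`, `libmono-dev`, `mono-utils` and `cli-common-dev` lists. That way every line of a security upload's diff can be matched to a documented change.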

I'm assuming that's related to:

>   * debian/rules:
>     - fix variable to not add kfreebsd-i386 to OOO_MONO_ARCHS twice but
>       to actually add it to OOO_MOZILLA_ARCHS

?

Regards,

Adam

