camille ~ # glsa-check -t all
This system is affected by the following GLSAs:
200801-19

camille ~ # glsa-check -d 200801-19
GLSA 200801-19: GOffice: Multiple vulnerabilities
============================================================================
Synopsis: Multiple vulnerabilities in GOffice could result in the execution of arbitrary code.
Announced on: January 30, 2008
Last revised on: January 30, 2008: 01

Affected package: x11-libs/goffice
Affected archs: All
Vulnerable: <0.6.1
Unaffected: >=0.6.1 >=~0.4.3

Related bugs: 198385

Background: GOffice is a library of document-centric objects and utilities based on GTK.

Description: GOffice includes a copy of PCRE which is vulnerable to multiple buffer overflows and memory corruptions vulnerabilities (GLSA 200711-30).

Impact: An attacker could entice a user to open specially crafted documents with GOffice, which could possibly lead to the execution of arbitrary code, a Denial of Service or the disclosure of sensitive information.

Workaround: There is no known workaround at this time.

Resolution: All GOffice 0.4.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.4.3"

All GOffice 0.6.x users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=x11-libs/goffice-0.6.1"

References:
GLSA-200711-30: http://www.gentoo.org/security/en/glsa/glsa-200711-30.xml

camille ~ # emerge -pv ">=x11-libs/goffice-0.6.1"

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] x11-libs/goffice-0.6.1 USE="gnome -debug" 0 kB

Total: 1 package (1 reinstall), Size of downloads: 0 kB

I've emerged this several times and glsa-check still claims it needs to be fixed. Why?

--
gentoo-user@lists.gentoo.org mailing list