svn commit: r1067841 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/ content/security/cves/CVE-2020-13958.html

[buildbot]

Author: buildbot
Date: Tue Nov 10 23:11:51 2020
New Revision: 1067841

Log:
Staging update by buildbot for ooo-site

Added:
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2020-13958.html
Modified:
    websites/staging/ooo-site/trunk/cgi-bin/   (props changed)
    websites/staging/ooo-site/trunk/content/   (props changed)

Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Nov 10 23:11:51 2020
@@ -1 +1 @@
-1883278
+1883279

Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Tue Nov 10 23:11:51 2020
@@ -1 +1 @@
-1883278
+1883279

Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2020-13958.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2020-13958.html 
(added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2020-13958.html 
Tue Nov 10 23:11:51 2020
@@ -0,0 +1,144 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+    <title>CVE-2020-13958</title>
+    <style type="text/css"></style>
+  
+<!--#include virtual="/scripts/google-analytics.js" --> 
+<!--#include virtual="/scripts/entourage.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+  <div id="topbara">
+    <!--#include virtual="/topnav.html" -->
+    <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a 
href="/security/">security</a>&nbsp;&raquo;&nbsp;<a 
href="/security/cves/">cves</a></div>
+  </div>
+  <div id="clear"></div>
+  
+  
+  <div id="content">
+    
+    
+    
+    <p>
+      <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-13958";>
+      CVE-2020-13958
+      </a>
+    </p>
+    <p>
+      <a href="https://www.openoffice.org/security/cves/CVE-2020-13958.html";>
+      Apache OpenOffice Advisory
+      </a>
+    </p>
+    <p style="text-align:center; font-size:largest">
+      <strong>
+        CVE-2020-13958 Unrestricted actions leads to arbitrary code execution 
in crafted documents
+      </strong>
+    </p>
+    <p style="text-align:center; font-size:larger">
+      <strong>
+        Fixed in Apache OpenOffice 4.1.8
+      </strong>
+    </p>
+    <p>
+      <strong>
+        Description
+      </strong>
+    </p>
+    <p>
+      A vulnerability in Apache OpenOffice scripting events allows an attacker 
to construct documents containing
+      hyperlinks pointing to an executable on the target users file system. 
These hyperlinks can be triggered
+      unconditionally. In fixed versions no internal protocol may be called 
from the document event handler and other
+      hyperlinks require a control-click.
+    </p>
+    <p>
+      <strong>
+        Severity: Low
+      </strong>
+    </p>
+    <p>
+      There are no known exploits of this vulnerability.
+      <br />
+      A proof-of-concept demonstration exists.
+    </p>
+    <p>
+      Thanks to the reporter for discovering this issue.
+    </p>
+    <p>
+      <strong>
+        Vendor: The Apache Software Foundation
+      </strong>
+    </p>
+    <p>
+      <strong>
+        Versions Affected
+      </strong>
+    </p>
+    <p>
+      All Apache OpenOffice versions 4.1.7 and older are affected.
+      <br />
+      OpenOffice.org versions may also be affected.
+    </p>
+    <p>
+      <strong>
+        Mitigation
+      </strong>
+    </p>
+    <p>
+      Install Apache OpenOffice 4.1.8 for the latest maintenance and 
cumulative security fixes. Use the Apache OpenOffice
+      <a href="https://www.openoffice.org/download/";>
+        download page
+      </a>.
+    </p>
+
+    <p>
+      <strong>
+        Acknowledgments
+      </strong>
+    </p>
+    <p>
+      The Apache OpenOffice Security Team would like to thank Imre Rad for 
discovering and reporting this attack vector.
+    </p>
+    <p>
+      <strong>
+        Further Information
+      </strong>
+    </p>
+    <p>
+      For additional information and assistance, consult the
+      <a href="https://forum.openoffice.org/";>
+        Apache OpenOffice Community Forums
+      </a>
+      or make requests to the
+      <a href="mailto:us...@openoffice.apache.org";>
+        us...@openoffice.apache.org
+      </a>
+      public mailing list.
+    </p>
+    <p>
+      The latest information on Apache OpenOffice security bulletins can be 
found at the
+      <a href="https://www.openoffice.org/security/bulletin.html";>
+        Bulletin Archive page
+      </a>.
+    </p>
+    <hr />
+    <p>
+      <a href="https://security.openoffice.org";>
+        Security Home
+      </a>
+      -&gt;
+      <a href="https://www.openoffice.org/security/bulletin.html";>
+        Bulletin
+      </a>
+      -&gt;
+      <a href="https://www.openoffice.org/security/cves/CVE-2020-13958.html";>
+        CVE-2020-13958
+      </a>
+    </p>
+  
+  </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>