------------------------------------------------------------ revno: 1255 committer: Rene Engelhard <[email protected]> branch nick: lenny timestamp: Sun 2011-01-30 21:53:13 +0100 message: better late than never; add changelog entries for 2.4.1+dfsg-1+lenny1 to -lenny11 modified: changelog
=== modified file 'changelog' --- a/changelog 2009-03-20 21:17:19 +0000 +++ b/changelog 2011-01-30 20:53:13 +0000 @@ -1,3 +1,97 @@ +openoffice.org (1:2.4.1+dfsg-1+lenny11) stable-security; urgency=low + + * ooo-build/patches/src680/security-fixes-from-cws-impress208.diff: fix + possible heap overflow when reading manipulated TGA images + (CVE-2010-4643) + + -- Rene Engelhard <[email protected]> Wed, 05 Jan 2011 22:02:59 +0100 + +openoffice.org (1:2.4.1+dfsg-1+lenny10) stable-security; urgency=high + + * ooo-build/patches/src680/security-fixes-from-cws-os145.diff: fix + CVE-2010-4253: Heap based buffer overflow, PPT files. + + -- Rene Engelhard <[email protected]> Mon, 29 Nov 2010 17:55:27 +0000 + +openoffice.org (1:2.4.1+dfsg-1+lenny9) stable-security; urgency=high + + * ooo-build/patches/src680/tread-invalid-path-segments-correctly.diff: + fix directory traversal vulnerability in OOo (CVE-2010-3450) + * ooo-build/patches/src680/cws-hb22.diff: fix security issues: + - soffice script does not treat empty LD_LIBRARY_PATH like unset one + (CVE-2010-3689) + - Crash in WW8DopTypography::ReadFromMem (CVE-2010-3454) + - Crash in SwRTFParser::ReadNumSecLevel (CVE-2010-3452) + - Out of bounds write in WW8ListManager::WW8ListManager() + (CVE-2010-3453) + - Loading certain RTF document leads to corrupt table model + (CVE-2010-3451) + + -- Rene Engelhard <[email protected]> Fri, 01 Oct 2010 16:24:28 +0200 + +openoffice.org (1:2.4.1+dfsg-1+lenny8) stable-security; urgency=high + + * ooo-build/patches/src680/workspace.impress197.diff: fix CVE-2010-2935 and + CVE-2010-2936 aka SA40775: + two buffer-overflow vulnerabilities in OpenOffice.org Impress + + -- Rene Engelhard <[email protected]> Thu, 19 Aug 2010 11:59:29 +0000 + +openoffice.org (1:2.4.1+dfsg-1+lenny7) stable-security; urgency=high + + * pyuno.avoid.execution.for.browsing.funcs.legacy.python.diff: + avoid execution of python code when browsing macros (CVE-2010-0395) + + -- Rene Engelhard <[email protected]> Mon, 08 Mar 2010 22:33:26 +0100 + +openoffice.org (1:2.4.1+dfsg-1+lenny6) stable-security; urgency=high + + * ooo-build/patches/src680/vba-macro-properties-2.4.diff: fix vba macros + not honouring macro security settings (CVE-2010-0136) + + -- Rene Engelhard <[email protected]> Sat, 26 Dec 2009 21:24:42 +0100 + +openoffice.org (1:2.4.1+dfsg-1+lenny5) stable-security; urgency=high + + * ooo-build/patches/src680/libxmlsec-CVE-2009-0217.diff: fix + CVE-2009-0217 in the internal libxmlsec copy (just the nss part) + * ooo-build/patches/src680/libxmlsec-findcerts.diff: adapt + + -- Rene Engelhard <[email protected]> Tue, 15 Dec 2009 22:03:15 +0000 + +openoffice.org (1:2.4.1+dfsg-1+lenny4) stable-security; urgency=high + + * ooo-build/patches/src680/cws-sjooh680sf01.diff: fix + "OpenOffice.org XPM Import Integer Overflow" (CVE-2009-2949) and + "OpenOffice.org GIF Import Heap Overflow" (CVE-2009-2950) + * ooo-build/patches/src680/cws-hb32showstoppers3ooh680.diff: fix + "OOO sprmTDefTable issue" (CVE-2009-3301) and + "OOO sprmTSetBrc issue" (CVE-2009-3302) + + -- Rene Engelhard <[email protected]> Fri, 13 Nov 2009 22:19:53 +0100 + +openoffice.org (1:2.4.1+dfsg-1+lenny3) stable-security; urgency=high + + * rebuild to get correct $LANGPACKISOS in e.g. broffice.org... + + -- Rene Engelhard <[email protected]> Sun, 21 Jun 2009 01:12:03 +0200 + +openoffice.org (1:2.4.1+dfsg-1+lenny2) stable-security; urgency=high + + * patches/src680/wmf-pattern-brush.diff: backport fix from + ooo-build-3-0-1 branch fixing similar issues like CVE-2008-2237 + in that patch + + -- Rene Engelhard <[email protected]> Tue, 16 Jun 2009 00:00:10 +0200 + +openoffice.org (1:2.4.1+dfsg-1+lenny1) stable-security; urgency=high + + * patches/src680/sw.safe_tdelete_tinsert.diff: fix CVE-2009-0200 + (OpenOffice.org Word Document sprmTDelete Integer Underflow) and + CVE-2009-0201 (OpenOffice.org Word Document sprmTInsert Buffer Overflow) + + -- Rene Engelhard <[email protected]> Fri, 22 May 2009 10:30:16 +0200 + openoffice.org (1:2.4.1+dfsg-1) stable; urgency=low * repackage .orig.tar.gz without rfc1345.txt in liblayout.zip
