Package: qa.debian.org Severity: important Hi,
let's look at http://packages.qa.debian.org/o/openoffice.org.html. We see at the top: "There are 5 open security issues, please fix them. " Let's look what they are: CVE-2009-0200 Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ... fixed in both etch-security and lenny-security (etch-backports is not relevant anymore) and just waits to be in a point release. Why is this listed as still needing to be fixed? CVE-2009-0201 Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and ... fixed in both etch-security and lenny-security (etch-backports is not relevant anymore) and just waits to be in a point release. Why is this listed as still needing to be fixed? CVE-2009-2139 Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ... CVE-2009-2140 Multiple heap-based buffer overflows in ... CVE-2009-3239 Buffer overflow in the EMF parser implementation in OpenOffice.org ... fixed, but security-tracker buggy.... CVE-2009-3569 Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ... CVE-2009-3570 Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ... CVE-2009-3571 Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ... http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551068. Nothing to fix there (yet). At least the first too should not be shown! Grüße/Regards, Rene -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
