-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, good people,

The libwpd development team has a pleasure to announce that today, 16th
of March 2007, *libwpd 0.8.9*, codename "Integers, integers, integers,
..", has been released. This release fixes an integer arithmetic
related security issues described as CVE-2007-0002 brought to our
attention by iDefense security. An attacker could create a carefully
crafted Word Perfect file that could cause an application linked with
libwpd, such as OpenOffice, AbiWord, or KWord, to crash or possibly
execute arbitrary code with the current user privileges if the file was
opened by a victim.

The big THANKS goes to iDefense for alerting us about these flaws. It is
a great opportunity to increase our code quality and move a step forward
in our struggle for a world domination :-)

The libwpd code-base was reviewed by us for other similar integer
related issues. Issues discovered were fixed in this release.

Needless to say that libwpd-0.8.9 is API and ABI compatible with all
previous versions from the 0.8.x serices. Users are encouraged to use in
preference this version in their production environment.

So, go and pick it while it is still hot.

Cheers

Fridrich

**********************************************************************
Changes from previous version:

0.8.8 - 0.8.9
- - Fix http://qa.openoffice.org/issues/show_bug.cgi?id=74134, a bug in
WP1 document type detection where we could try to seek to a negative
place in document (Fridrich)
- - Fix a regression wrt. 0.8.7 preventing the conversion of tab table in
WP1 and WP3 file-format (Fridrich)
- - Fixed several overflow bugs reported by iDefense. An attacker could
create a carefully crafted Word Perfect file that could cause an
application linked with libwpd, such as OpenOffice, to crash or possibly
execute arbitrary code if the file was opened by a victim.
(CVE-2007-0002) (iDefense's Sean Larsson, Fridrich)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFF+qUlu9a1imXPdA8RAlHtAJ4uBUoVuIOBCEGH9BBuDe2Klhr+pQCcCjrJ
2DTOiLhLE6wZLNaJQ2azaBU=
=xd3l
-----END PGP SIGNATURE-----

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Libwpd-devel mailing list
Libwpd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libwpd-devel

Reply via email to