-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, good people,
The libwpd development team has a pleasure to announce that today, 16th of March 2007, *libwpd 0.8.9*, codename "Integers, integers, integers, ..", has been released. This release fixes an integer arithmetic related security issues described as CVE-2007-0002 brought to our attention by iDefense security. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, AbiWord, or KWord, to crash or possibly execute arbitrary code with the current user privileges if the file was opened by a victim. The big THANKS goes to iDefense for alerting us about these flaws. It is a great opportunity to increase our code quality and move a step forward in our struggle for a world domination :-) The libwpd code-base was reviewed by us for other similar integer related issues. Issues discovered were fixed in this release. Needless to say that libwpd-0.8.9 is API and ABI compatible with all previous versions from the 0.8.x serices. Users are encouraged to use in preference this version in their production environment. So, go and pick it while it is still hot. Cheers Fridrich ********************************************************************** Changes from previous version: 0.8.8 - 0.8.9 - - Fix http://qa.openoffice.org/issues/show_bug.cgi?id=74134, a bug in WP1 document type detection where we could try to seek to a negative place in document (Fridrich) - - Fix a regression wrt. 0.8.7 preventing the conversion of tab table in WP1 and WP3 file-format (Fridrich) - - Fixed several overflow bugs reported by iDefense. An attacker could create a carefully crafted Word Perfect file that could cause an application linked with libwpd, such as OpenOffice, to crash or possibly execute arbitrary code if the file was opened by a victim. (CVE-2007-0002) (iDefense's Sean Larsson, Fridrich) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFF+qUlu9a1imXPdA8RAlHtAJ4uBUoVuIOBCEGH9BBuDe2Klhr+pQCcCjrJ 2DTOiLhLE6wZLNaJQ2azaBU= =xd3l -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Libwpd-devel mailing list Libwpd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/libwpd-devel