[Oem-qa] [Bug 302755] Re: Port openoffice 2.4.1-1ubuntu2.1 to dell-mini

Thu, 16 Apr 2009 18:50:26 -0700 

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2237

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-2238

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-4937

-- 
Port openoffice 2.4.1-1ubuntu2.1 to dell-mini
https://bugs.launchpad.net/bugs/302755
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: Confirmed
Status in “openoffice.org” source package in Ubuntu: Invalid

Bug description:
Binary package hint: openoffice.org

Openoffice in the dell-mini (8.04.1) is in version 2.4.1-1ubuntu2. This is 
affected by several vulnerabilities (see below), fixed in version 
2.4.1-1ubuntu2.1 (stock hardy). This update should be applied to the dell-mini 
too.




openoffice.org (1:2.4.1-1ubuntu2.1) hardy-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
    code execution when processing crafted WMF files
    - patches/src680/cws-sjfixes06.diff: fix integer overflows in
      wmf/winwmf.cxx.
    - 
http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/winwmf.cxx?r1=1.36&r2=1.36.114.1&view=patch
    - CVE-2008-2237
  * SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
    code execution when processing crafted EMF files
    - patches/src680/cws-sjfixes09.diff: fix multiple parser flaws in
      wmf/enhwmf.cxx.
    - 
http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/enhwmf.cxx?r1=1.39&r2=1.39.114.1&view=patch
    - CVE-2008-2238
  * SECURITY UPDATE: symlink attack in senddoc which may lead to overwriting
      arbitrary files
    - debian/rules: remove leftover debugging echos in senddoc. Patch from
      Debian
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496361
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497618
    - CVE-2008-4937

_______________________________________________
Mailing list: https://launchpad.net/~oem-qa
Post to     : oem-qa@lists.launchpad.net
Unsubscribe : https://launchpad.net/~oem-qa
More help   : https://help.launchpad.net/ListHelp

Reply via email to