Author: buildbot
Date: Wed May 16 13:41:06 2012
New Revision: 817923
Log:
Staging update by buildbot for openofficeorg
Added:
websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html
websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html
websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html
Modified:
websites/staging/ooo-site/trunk/cgi-bin/ (props changed)
websites/staging/ooo-site/trunk/content/ (props changed)
Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed May 16 13:41:06 2012
@@ -1 +1 @@
-1339073
+1339161
Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed May 16 13:41:06 2012
@@ -1 +1 @@
-1339073
+1339161
Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html
(added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html
Wed May 16 13:41:06 2012
@@ -0,0 +1,71 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+
+ <title>CVE-2012-1149</title>
+ <style type="text/css"></style>
+
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a
href="/security/">security</a> » <a
href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+
+ <h2><a
+
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1149";>CVE-2012-1149</a></h2>
+
+ <h3>
+ OpenOffice.org integer overflow error in vclmi.dll module when allocating
+ memory for an embedded image object
+ </h3>
+
+ <ul>
+
+ <h4>Severity: Important</h4>
+
+ <h4>Vendor: The Apache Software Foundation</h4>
+
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>OpenOffice.org 3.3 and 3.4 Beta, on
all platforms.</li>
+ <li>Earlier versions may be also
affected.</li>
+ </ul>
+
+
+<h4>Description:</h4>
+<p> The vulnerability is caused due to an integer overflow error in the
+vclmi.dll module when allocating memory for an embedded image object. This can
+be exploited to cause a heap-based buffer overflow via, for example using a
+specially crafted JPEG object within a DOC file.</p>
+
+ <h4>Mitigation</h4>
+ <p>OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a
+href="http://download.openoffice.org";>upgrade to Apache OpenOffice 3.4<a/>.
Users who are unable to upgrade immediately
+should be cautious when opening untrusted documents.</p>
+
+<h4>Credits</h4>
+
+<p>The Apache OpenOffice Security Team credits Tielei Wang via Secunia SVCRP
as
+ the discoverer of this flaw.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org";>Security Home</a> -> <a
href="../bulletin.html">Bulletin</a> ->
+ <a href="CVE-2012-1149.html">CVE-2012-1149</a></p>
+
+ </div>
+
+<!--#include virtual="/footer.html" -->
+
+</body>
+</html>
Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html
(added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html
Wed May 16 13:41:06 2012
@@ -0,0 +1,68 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+
+ <title>CVE-2012-2149</title>
+ <style type="text/css"></style>
+
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a
href="/security/">security</a> » <a
href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+
+ <h2><a
href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2149";>CVE-2012-2149</a></h2>
+
+ <h3>
+ OpenOffice.org memory overwrite vulnerability
+ </h3>
+
+ <ul>
+
+ <h4>Severity: Important</h4>
+
+ <h4>Vendor: The Apache Software Foundation</h4>
+
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>OpenOffice.org 3.3 and 3.4 Beta, on
all platforms.</li>
+ <li>Earlier versions may be also
affected.</li>
+ </ul>
+
+
+<h4>Description:</h4>
+<p>
+Description: Effected versions of OpenOffice.org use a customized libwpd that
has an memory overwrite vulnerability that could be exploited by
+a specially crafted Wordperfect WPD-format document, potentially leading to
arbitrary-code execution at application user privilege level.</p>
+
+ <h4>Mitigation</h4>
+ <p>OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a
+href="http://download.openoffice.org";>upgrade to Apache OpenOffice 3.4</a>,
where
+WPD files are ignored. Users who are unable to upgrade immediately should be
+cautious when oppening untrusted WPD documents.</p>
+
+<h4>Credits</h4>
+
+<p>The Apache OpenOffice Security Team acknowledges Kestutis Gudinavicius of
SEC Consult Unternehmensberatung GmbH as the discoverer of this flaw.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org";>Security Home</a> -> <a
href="../bulletin.html">Bulletin</a> ->
+ <a href="CVE-2012-2149.html">CVE-2012-2149</a></p>
+
+ </div>
+
+<!--#include virtual="/footer.html" -->
+
+</body>
+</html>
Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html
(added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html
Wed May 16 13:41:06 2012
@@ -0,0 +1,65 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+
+ <title>CVE-2012-2334</title>
+ <style type="text/css">
+ </style>
+
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a
href="/security/">security</a> » <a
href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+
+<h2><a
+href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2334";>CVE-2012-2334</a></h2>
<h3>Vulnerabilities related to
+malformed Powerpoint files in OpenOffice.org 3.3.0</h3>
+<ul>
+ <h4>Severity: Important</h4> <h4>Vendor: The Apache Software
Foundation</h4> <h4>Versions Affected:</h4>
+ <ul>
+ <li>
+ OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
+ </li>
+ <li>
+ Earlier versions may be also affected.
+ </li>
+ </ul>
+ <h4>Description:</h4>
+ <p>
+ A review of the code in filter/source/msfilter msdffimp.cxx revealed some
unchecked memory allocations, which could be
+ exploited via malformed Powerpoint graphics records ("escher") to cause
bad_alloc exceptions. From this vulnerability a
+ denial of service attack is possible.
+ </p>
+ <h4>Mitigation</h4>
+ <p>
+ OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a
+ href="http://download.openoffice.org";>upgrade to Apache OpenOffice
3.4<a/>. Users who are unable to upgrade immediately
+ should be cautious when opening untrusted documents.
+ </p>
+ <h4>Credits</h4>
+ <p>
+ The Apache OpenOffice Security Team credits Sven Jacobias as the
discoverer
+ of this flaw.
+ </p>
+ <hr />
+ <p>
+ <a href="http://security.openoffice.org";>Security Home</a> -> <a
href="../bulletin.html">Bulletin</a> -> <a
href="CVE-2012-2334.html">CVE-2012-2334</a>
+ </p>
+
+ </div>
+
+<!--#include virtual="/footer.html" -->
+
+</body>
+</html>
