From the Debian maintainer:
02:00 _rene_ that's rtl_AllocateMemory? no, doesn't affect us
02:00 _rene_ we build --with-alloc=system
02:00 _rene_ if you don't use that, you are affected, though
02:01 _rene_ and you probably build with --with-alloc=system since it's in
Thanks for checking the others, I'll update the CVE tracker.
** Changed in: openoffice.org (Ubuntu)
Assignee: (unassigned) = Kees Cook (kees)
Status: New = Invalid
--
[CVE-2008-2152] Integer overflow in rtl_allocateMemory() in OpenOffice.org
https://bugs.launchpad.net/bugs/238925
From the dapper builds I did during the last security update, it's in
there, so dapper is not affected either:
$(CONFIGURE_FLAGS) is --disable-post-install-scripts --with-
tag=oob680-m5 --with-system-gcc --with-distro=Ubuntu --with-
vendor=Debian --enable-package-directories --with-installed-ooo-
Thanks for checking the dapper build!
Chris
--
[CVE-2008-2152] Integer overflow in rtl_allocateMemory() in OpenOffice.org
https://bugs.launchpad.net/bugs/238925
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing
As I understand it we are not actually vulnerable to this overflow, but
I will be looking into the issue further tomorrow (Jun 11) to verify for
certain.
Thanks!
Chris Cheney
--
[CVE-2008-2152] Integer overflow in rtl_allocateMemory() in OpenOffice.org
https://bugs.launchpad.net/bugs/238925
