First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 126433
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Carsten Lohrke <carlo@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 126433 depends on: Show dependency tree
Bug 126433 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2006-03-16 08:24 0000 
http://qa.openoffice.org/issues/show_bug.cgi?id=59032

------- Comment #1 From Stefan Cornelius (RETIRED) 2006-03-16 08:26:36 0000 ------- 
arches please test and mark stable

------- Comment #2 From Luis Medinas (RETIRED) 2006-03-16 09:18:22 0000 ------- 
stable on amd64

------- Comment #3 From Chris Gianelloni (RETIRED) 2006-03-16 11:44:03 0000 ------- 
...and he looked down upon openoffice-bin and saw that it was stable... and
then there was much rejoicing... (stable on x86)

------- Comment #4 From Stefan Cornelius (RETIRED) 2006-03-17 01:53:08 0000 ------- 
Ready for glsa

------- Comment #5 From Stefan Cornelius (RETIRED) 2006-03-17 04:41:18 0000 ------- 
mhh, wait a second: whats up with normal openoffice? There is a curl useflag
and it deps to curl, but does it really link to the external curl of gentoo
(fixed long ago) or does it use the one shipped with openoffice?

------- Comment #6 From Andreas Proschofsky 2006-03-17 06:13:51 0000 ------- 
Indeed, old builds of openoffice-2.0.1 should be vulnerable too if you didn't
use the curl-use-flag (cause in this case the internal curl is being used for
the build). I removed this use-flag yesterday, and we now hard-depend on the
external curl, so for someone doing a fresh build, this is no issue anymore.

Do you want to do me a revision bump (without changes) so that everyone gets
it? Think this would be the best solution, as 2.0.2 is not in the condition to
go stable on most archs.

------- Comment #7 From Stefan Cornelius (RETIRED) 2006-03-17 06:19:15 0000 ------- 
yes, please revbump it

------- Comment #8 From Andreas Proschofsky 2006-03-17 08:38:51 0000 ------- 
I've revision-bumped openoffice-2.0.1, the old ebuild is still in there but is
not vulnerable anymore cause of the aformentioned change I did yesterday.

Also I've removed openoffice-bin-2.0.1 from the tree, so I think everything
should be set for the GLSA.

------- Comment #9 From Thierry Carrez (RETIRED) 2006-03-17 10:15:19 0000 ------- 
openoffice-2.0.1-r1 is stable, ready for GLSA

Fixed versions :
>=openoffice-2.0.1-r1
>=openoffice-bin-2.0.2

------- Comment #10 From Stefan Cornelius (RETIRED) 2006-03-27 10:07:43 0000 ------- 
GLSA 200603-25

Thanks everybody.
First Last Prev Next    No search results available      Search page      Enter new bug