First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 159951
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Matt Drew <aetius@gentoo.org>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 159951 depends on: 147542 159859 159862 Show dependency tree
Bug 159951 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2007-01-04 05:14 0000 
http://www.openoffice.org/servlets/ReadMsg?list=releases&msgNo=10454

http://secunia.com/advisories/23612/

Your basic file format handling issue, this time WMF/EMF files.

------- Comment #1 From Matt Drew 2007-01-04 05:32:13 0000 ------- 
setting status and cc'ing herd.

------- Comment #2 From Andreas Proschofsky 2007-01-04 05:40:58 0000 ------- 
Situation is like this:

openoffice-bin 2.0.4 is vulnerable

openoffice-2.0.4 (source based build) is NOT. The fix for this problem has
already been in ooo-build before the initial 2.0.4-release (it's in
http://svn.gnome.org/viewcvs/ooo-build/branches/ooo-build-2-0-4/patches/src680/cws-cmcfixes28.diff?rev=7820&view=markup)

So what I propose is to stabilize openoffice-bin 2.1.0. and openoffice 2.0.4,
afterwards delete the vulnerable versions. There are already bugs about that,
which I'll update and add as a dependency here.

------- Comment #3 From Matt Drew 2007-01-04 06:12:31 0000 ------- 
Thanks suka.

arches please test and mark stable:

app-office/openoffice-bin-2.1.0
app-office/openoffice-2.0.4

target keywords for -bin are: KEYWORDS="amd64 x86"
target keywords for regular are: KEYWORDS="~amd64 ppc sparc x86"

------- Comment #4 From Simon Stelling (RETIRED) 2007-01-04 07:56:15 0000 ------- 
*** Bug 159859 has been marked as a duplicate of this bug. ***

------- Comment #5 From Christian Faulhammer 2007-01-04 08:11:35 0000 ------- 
-bin 2.1.0 x86 stable

------- Comment #6 From Raphael Marichez 2007-01-04 11:16:38 0000 ------- 
*** Bug 160029 has been marked as a duplicate of this bug. ***

------- Comment #7 From Christian Faulhammer 2007-01-05 00:14:40 0000 ------- 
x86 is done with both versions

------- Comment #8 From Michael Cummings (RETIRED) 2007-01-07 05:12:51 0000 ------- 
-bin 2.1.0 amd64 stable

------- Comment #9 From Michael Cummings (RETIRED) 2007-01-07 05:34:57 0000 ------- 
Given: 

(In reply to comment #3)
> target keywords for -bin are: KEYWORDS="amd64 x86"
> target keywords for regular are: KEYWORDS="~amd64 ppc sparc x86"

amd64 should be all set (stable on one, arch testing on the other).

------- Comment #10 From Lars Weiler (RETIRED) 2007-01-07 06:58:57 0000 ------- 
I still have problems with OOo on ppc.  With java-use-flag set it fails during
the compile phase and without it fails on the pyUNO bug #147542...

------- Comment #11 From Andreas Proschofsky 2007-01-07 09:01:29 0000 ------- 
(In reply to comment #10)
> I still have problems with OOo on ppc.  With java-use-flag set it fails during
> the compile phase and without it fails on the pyUNO bug #147542...
> 

I've commented in the pyuno-bug

------- Comment #12 From Gustavo Zacarias (RETIRED) 2007-01-08 18:42:54 0000 ------- 
sparc stable.

------- Comment #13 From Tobias Scherbaum 2007-01-09 18:22:14 0000 ------- 
Works for >3 people on ppc, -> stable!

------- Comment #14 From Stefan Cornelius (RETIRED) 2007-01-09 18:47:45 0000 ------- 
thanks, this is ready for glsa

------- Comment #15 From Andreas Proschofsky 2007-01-09 20:05:12 0000 ------- 
I've removed openoffice-2.0.3 from the tree now

------- Comment #16 From Raphael Marichez 2007-01-12 22:06:52 0000 ------- 
GLSA 200701-07
First Last Prev Next    No search results available      Search page      Enter new bug