Gentoo Bug 200771 - app-office/openoffice(-bin) < 2.3.1 HSQLDB database Java code execution (CVE-2007-4575)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	200771
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 200771 depends on:			Show dependency tree
Bug 200771 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-11-29 20:11 0000

Thomas Biege:
  A security vulnerability in HSQLDB, the default database engine shipped
  with OpenOffice.org, may allow a remote unprivileged user who provides a
  StarOffice database document that is opened by a local user to execute
  arbitrary Java code on the system with the privileges of the user
  running OpenOffice.org.

------- Comment #1 From Pierre-Yves Rofes 2007-12-05 10:27:14 0000 -------

*** Bug 201338 has been marked as a duplicate of this bug. ***

------- Comment #2 From Pierre-Yves Rofes 2007-12-05 10:29:30 0000 -------

public now. Openoffice herd, please provide an updated ebuild.

------- Comment #3 From Robert Buchholz 2007-12-05 10:39:37 0000 -------

We have it in the tree.

------- Comment #4 From Pierre-Yves Rofes 2007-12-05 10:46:03 0000 -------

Arches(In reply to comment #3)
> We have it in the tree.
> 
oops :)
Arches, please test and mark stable ap-office/openoffice-2.3.1 (ppc x86) and
app-office/openoffice-bin-2.3.1 (amd64 x86)

------- Comment #5 From Christian Faulhammer 2007-12-06 07:47:20 0000 -------

-bin stable for x86, source to come (in some hours, anyone else can do it
meanwhile)

------- Comment #6 From Christian Faulhammer 2007-12-06 19:00:07 0000 -------

x86 stable

------- Comment #7 From Tobias Scherbaum 2007-12-06 21:29:51 0000 -------

ppc stable

------- Comment #8 From Peter Weller 2007-12-08 22:02:04 0000 -------

amd64 done

------- Comment #9 From Pierre-Yves Rofes 2007-12-08 23:31:06 0000 -------

glsarequestfiled

------- Comment #10 From Andreas Proschofsky 2007-12-09 00:16:39 0000 -------

Vulnerable ebuilds are gone from the tree

------- Comment #11 From Pierre-Yves Rofes 2007-12-30 18:32:05 0000 -------

GLSA 200712-25, thanks everyone.

------- Comment #12 From Peter Volkov 2008-03-06 09:52:40 0000 -------

Does not affect current (2008.0) release. Removing release.

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 200771

app-office/openoffice(-bin) < 2.3.1 HSQLDB database Java code execution (CVE-2007-4575)

Last modified: 2008-03-06 09:52:40 0000