Bug 201799 - dev-db/hsqldb < 1.8.0.9 Java code execution (CVE-2007-4575)
Bug#: 201799 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P1
Resolution: FIXED Assigned To: security@gentoo.org Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL:  http://secunia.com/advisories/27928/
Summary: dev-db/hsqldb < 1.8.0.9 Java code execution (CVE-2007-4575)
Keywords:  STABLEREQ
Status Whiteboard: B2 [glsa]
Opened: 2007-12-09 20:46 0000
Description:
+++ This bug was initially created as a clone of Bug #200771 +++

Thomas Biege:
  A security vulnerability in HSQLDB, the default database engine shipped
  with OpenOffice.org, may allow a remote unprivileged user who provides a
  StarOffice database document that is opened by a local user to execute
  arbitrary Java code on the system with the privileges of the user
  running OpenOffice.org.

This probably also affects our independent ebuild. See bug 111960 and the java
overlay for new ebuilds.

------- Comment #1 From Vlastimil Babka (Caster) 2007-12-19 21:59:56 0000 -------
*** Bug 111960 has been marked as a duplicate of this bug. ***

------- Comment #2 From Vlastimil Babka (Caster) 2007-12-19 22:01:56 0000 -------
Arches, please stabilize the just added dev-db/hsqldb-1.8.0.9

------- Comment #3 From Markus Meier 2007-12-20 13:53:15 0000 -------
x86 stable

------- Comment #4 From Pierre-Yves Rofes 2007-12-20 15:25:06 0000 -------
Enhancing priority, this one should be stabled ASAP so that we can send the
OpenOffice draft. Thanks.

------- Comment #5 From Tobias Scherbaum 2007-12-21 12:51:56 0000 -------
ppc stable

------- Comment #6 From Peter Weller 2007-12-26 08:36:41 0000 -------
amd64 stable

------- Comment #7 From Tom Gall 2007-12-30 18:00:10 0000 -------
stable on ppc64

------- Comment #8 From Pierre-Yves Rofes 2007-12-30 18:31:27 0000 -------
GLSA 200712-25, thanks everyone.