Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 201799 - dev-db/hsqldb < 1.8.0.9 Java code execution (CVE-2007-4575)
Summary: dev-db/hsqldb < 1.8.0.9 Java code execution (CVE-2007-4575)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Highest normal (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/27928/
Whiteboard: B2 [glsa]
Keywords: STABLEREQ
: 111960 (view as bug list)
Depends on:
Blocks: 113954
  Show dependency tree
 
Reported: 2007-12-09 20:46 UTC by Robert Buchholz (RETIRED)
Modified: 2007-12-30 18:31 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-12-09 20:46:45 UTC 
+++ This bug was initially created as a clone of Bug #200771 +++

Thomas Biege:
  A security vulnerability in HSQLDB, the default database engine shipped
  with OpenOffice.org, may allow a remote unprivileged user who provides a
  StarOffice database document that is opened by a local user to execute
  arbitrary Java code on the system with the privileges of the user
  running OpenOffice.org.

This probably also affects our independent ebuild, too. See bug 111960 and java overlay for new ebuilds.
Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2007-12-19 21:59:56 UTC 
*** Bug 111960 has been marked as a duplicate of this bug. ***
Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev 2007-12-19 22:01:56 UTC 
Arches, please stabilize the just added dev-db/hsqldb-1.8.0.9
Comment 3 Markus Meier gentoo-dev 2007-12-20 13:53:15 UTC 
x86 stable
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-20 15:25:06 UTC 
Enhancing prioriy, this one should be stabled ASAP so that we can send the OpenOffice draft. Thanks.
Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev 2007-12-21 12:51:56 UTC 
ppc stable
Comment 6 Peter Weller (RETIRED) gentoo-dev 2007-12-26 08:36:41 UTC 
amd64 stable
Comment 7 Tom Gall (RETIRED) gentoo-dev 2007-12-30 18:00:10 UTC 
stable on ppc64
Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-30 18:31:27 UTC 
GLSA 200712-25, thanks everyone.