142551 – app-office/abiword includes vulnerable libwmf? (CVE-2006-3376)

Bug 142551 - app-office/abiword includes vulnerable libwmf? (CVE-2006-3376)

Summary: app-office/abiword includes vulnerable libwmf? (CVE-2006-3376)

Status:	VERIFIED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [ebuild?] frilled
Keywords:

Depends on:
Blocks:

Reported:	2006-08-02 08:42 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified:	2006-08-11 07:03 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-08-02 08:42:18 UTC

Please see bug #139325 for further details.

Comment 1 Wolf Giesen (RETIRED) gentoo-dev

2006-08-03 00:48:01 UTC

Calling in gnome-office. Could you please check whether the affected code is in the package (see mentioned bug)?

Comment 2 Wolf Giesen (RETIRED) gentoo-dev

2006-08-07 10:09:04 UTC

I looked into it myself, and my understanding is that there's some wrapper code that handles an external libwmf if configured to do so. In my eyes this one can be closed unless auditing or anybody else says otherwise.

There is some obscure version checking though, so it might break after a libwmf update, but then again we'd see another bug filed :]

Comment 3 Wolf Giesen (RETIRED) gentoo-dev

2006-08-11 06:59:21 UTC

Invalidating. Feel free to reopen on sudden insights.

Comment 4 Wolf Giesen (RETIRED) gentoo-dev

2006-08-11 07:03:04 UTC

closed.