http://blog.documentfoundation.org/2011/10/05/the-document-foundation-publishes-details-of-libreoffice-3-4-3-security-fixes/ RedHat security researcher Huzaifa Sidhpurwala identified a memory corruption vulnerability in the code responsible for loading Microsoft Word documents in LibreOffice. This flaw could have been used for nefarious purposes, such as installing viruses, through a specially-crafted file. The corresponding vulnerability description is CVE-2011-2713,”Out-of-bounds property read in binary .doc filter”.
libreoffice is clear of the affected versions (i just forgot to remove 3.3.3 which i did now). So just punt openoffice-bin or whatever you want to do with it...
OpenOffice upstream is working on a fix. No ETA yet, though. When CVE-2011-2713 goes public and no fix exists, I will p.mask openoffice-bin.
More information appears to be available, it is a DoS vulnerability. Adjusting summary and severity.
Arches, please stabilize app-office/openoffice-bin-3.4.0 Target keywords: amd64 x86 ~amd64-linux ~x86-linux
(In reply to comment #4) > Arches, please stabilize app-office/openoffice-bin-3.4.0 > > Target keywords: amd64 x86 ~amd64-linux ~x86-linux x86 stable
amd64 ok
amd64 stable
Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml by GLSA coordinator Sean Amoss (ackle).
This issue was resolved and addressed in GLSA 201408-19 at http://security.gentoo.org/glsa/glsa-201408-19.xml by GLSA coordinator Kristian Fiskerstrand (K_F).