From upstream advisory at $URL: An XML Entity Expansion flaw was found in the way the embedded Raptor library processed certain RDF and other XML-based format files. An attacker could create a specially-crafted file in an affected LibreOffice format which, when opened, could cause arbitrary code execution or local file inclusion.
@security:
1) Some info for the GLSA:
The first fixed version of libreoffice for all arches is 3.4.3.2-r1.
The first fixed version of libreoffice-bin, only for amd64, is 3.4.3.2-r1.
x86 seems to have a problem with the 3.4 series and will probably stabilize 3.5.
2) The original raptor issue seems B4, but the libreoffice advisory says execution of code; what about it?
Thanks, folks. Looks like stabilization of app-office/libreoffice-{3.5.2.2,bin-3.5.2.2-r1} was completed via bug 411449. GLSA request filed.
This issue was resolved and addressed in GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml by GLSA coordinator Sean Amoss (ackle).
Remove invalid encoded alias.