From ${URL} : Title: CVE-2015-1774 Out of bounds write in HWP file filter Announced: April 27, 2015 Fixed in: LibreOffice 4.3.7/4.4.2 Description: Certain crafted HWP documents can allow attackers to cause a denial of service or possibly the execution of arbitrary code by writing past the end of buffers. All users are recommended to upgrade to LibreOffice 4.3.7 or 4.4.2. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
*** Bug 550114 has been marked as a duplicate of this bug. ***
Let's 1) go for 4.4.3.2 immediately 2) sync this with the icu-55.1 stabilization (libreoffice-bin generation, just think of the climate...) In preparation.
Arches please TEST (especially the binpkg) and stabilize, target "amd64 x86" =app-office/libreoffice-4.4.3.2 =app-office/libreoffice-l10n-4.4.3.2 =app-office/libreoffice-bin-4.4.3.2 =app-office/libreoffice-bin-debug-4.4.3.2 =dev-util/mdds-0.12.0 =dev-libs/libixion-0.9.0 =dev-libs/liborcus-0.7.1 =dev-libs/icu-55.1 (for icu see also bug 546156 for the remaining arches)
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
All vulnerable versions removed. Office out.
CVE-2015-1774 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1774): The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted HWP document, which triggers an out-of-bounds write.
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
This issue was resolved and addressed in GLSA 201603-05 at https://security.gentoo.org/glsa/201603-05 by GLSA coordinator Kristian Fiskerstrand (K_F).
