OpenOffice 4.1.4 was released on 19 Oct. 2017 Please update this package in portage tree. Also please resolve an issue https://bugs.gentoo.org/529850 in new ebuild. P.S. List of resolved issues: https://bz.apache.org/ooo/buglist.cgi?list_id=233429&query_format=advanced&resolution=FIXED&resolution=FIXED_WITHOUT_CODE&target_milestone=4.1.4 Reproducible: Always
Personally I would recommend you upgrade to LibreOffice. I'm not sure if we bump this once more or rather schedule a cleanup...
(In reply to Andreas Sturmlechner from comment #1) > Personally I would recommend you upgrade to LibreOffice. I tried several times to take a look at LibreOffice but every time found some bugs. Latest version from portage tree (5.2.7.2-r1) and my windows installation (5.3.6) have glitch interface especially "menu" while hover by mouse on it. Also there are I encounter some tiny bugs that are absent for me in OpenOffice. And current portage LibreOffice(-bin) version is obsolete. I use OpenOffice both Gentoo Linux and Windows for ODF formats and I satisfied how it works, as many other users I sure. As for ooxml support there are other office tools with better support of it than in LibreOffice: OnlyOffice, WPS, SoftMaker FreeOffice. What about ebuilds for them? > I'm not sure if we bump this once more or rather schedule a cleanup... Why? The application is still running, fixes are released. The Gentoo Linux is my favourite 'cause it's support simultaneous installation of OpenOffice and LibreOffice - the feature that is not presented in other distributives. SO it give more freedom of choose. As for mentioned above bug - it's reproduce also for LibreOffice(-bin).
Reassigning this bug to me as I'm the maintainer of app-office/openoffice-bin
Information about vulnerabilities that was fixed in OpenOffice-4.1.4: https://www.openoffice.org/security/bulletin.html CVE-2017-3157: Arbitrary file disclosure in Calc and Writer CVE-2017-9806: Out-of-Bounds Write in Writer's WW8Fonts Constructor CVE-2017-12607: Out-of-Bounds Write in Impress' PPT Filter CVE-2017-12608: Out-of-Bounds Write in Writer's ImportOldFormatStyles
(In reply to Chí-Thanh Christopher Nguyễn from comment #3) > Reassigning this bug to me as I'm the maintainer of app-office/openoffice-bin Thanks, should have checked first... Please note wrt bug 529850 the gstreamer version that openoffice-bin seems to depend on is ancient and should be removed from all the remaining reverse-dependencies.
@maintainer(s) preserved previous URL: https://blogs.apache.org/OOo/entry/announcing-apache-openoffice-4-1. Adding new URL for Security Bug Reference. @security, CVE request please. Thank you. Gentoo Security Padawan (jmbailey/mbailey_j)
*** Bug 638334 has been marked as a duplicate of this bug. ***
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ade5387dafde98d4a37f9a63c419a834554f0e69 commit ade5387dafde98d4a37f9a63c419a834554f0e69 Author: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> AuthorDate: 2017-12-14 13:50:40 +0000 Commit: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> CommitDate: 2017-12-14 13:50:40 +0000 app-office/openoffice-bin: security bump to 4.1.4 Bug: https://bugs.gentoo.org/635120 Package-Manager: Portage-2.3.13, Repoman-2.3.3 app-office/openoffice-bin/Manifest | 80 +++++++++ .../openoffice-bin/openoffice-bin-4.1.4.ebuild | 185 +++++++++++++++++++++ 2 files changed, 265 insertions(+)}
x86 stable
amd64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=edbb288bd7337e0b8fab4925fe23987a1a72f071 commit edbb288bd7337e0b8fab4925fe23987a1a72f071 Author: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> AuthorDate: 2017-12-26 02:57:30 +0000 Commit: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org> CommitDate: 2017-12-26 02:57:30 +0000 app-office/openoffice-bin: remove vulnerable version Bug: https://bugs.gentoo.org/635120 Package-Manager: Portage-2.3.13, Repoman-2.3.3 app-office/openoffice-bin/Manifest | 80 --------- .../openoffice-bin/openoffice-bin-4.1.3.ebuild | 185 --------------------- 2 files changed, 265 deletions(-)}
Downgraded to B3 due to no known exploits or PoC for ACE. Demos exist for DoS only. GLSA Vote: No Tree is clean.
