Bug 201799

Summary:	dev-db/hsqldb < 1.8.0.9 Java code execution (CVE-2007-4575)
Product:	Gentoo Security	Reporter:	Robert Buchholz (RETIRED) <rbu>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	java, wiktorw
Priority:	Highest	Keywords:	STABLEREQ
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://secunia.com/advisories/27928/
Whiteboard:	B2 [glsa]
Package list:		Runtime testing required:	---
Bug Depends on:
Bug Blocks:	113954

Description Robert Buchholz (RETIRED) gentoo-dev

2007-12-09 20:46:45 UTC

+++ This bug was initially created as a clone of Bug #200771 +++

Thomas Biege:
  A security vulnerability in HSQLDB, the default database engine shipped
  with OpenOffice.org, may allow a remote unprivileged user who provides a
  StarOffice database document that is opened by a local user to execute
  arbitrary Java code on the system with the privileges of the user
  running OpenOffice.org.

This probably also affects our independent ebuild, too. See bug 111960 and java overlay for new ebuilds.

Comment 1 Vlastimil Babka (Caster) (RETIRED) gentoo-dev

2007-12-19 21:59:56 UTC

*** Bug 111960 has been marked as a duplicate of this bug. ***

Comment 2 Vlastimil Babka (Caster) (RETIRED) gentoo-dev

2007-12-19 22:01:56 UTC

Arches, please stabilize the just added dev-db/hsqldb-1.8.0.9

Comment 3 Markus Meier gentoo-dev

2007-12-20 13:53:15 UTC

x86 stable

Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-12-20 15:25:06 UTC

Enhancing prioriy, this one should be stabled ASAP so that we can send the OpenOffice draft. Thanks.

Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev

2007-12-21 12:51:56 UTC

ppc stable

Comment 6 Peter Weller (RETIRED) gentoo-dev

2007-12-26 08:36:41 UTC

amd64 stable

Comment 7 Tom Gall (RETIRED) gentoo-dev

2007-12-30 18:00:10 UTC

stable on ppc64

Comment 8 Pierre-Yves Rofes (RETIRED) gentoo-dev

2007-12-30 18:31:27 UTC

GLSA 200712-25, thanks everyone.