Summary: | app-office/openoffice Numeric truncation error in memory allocator on 64bit (CVE-2008-3282) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | normal | CC: | suka |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openoffice.org/issues/show_bug.cgi?id=92217 | ||
Whiteboard: | A2? [ebuild] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
![]() As mentioned, this issue only affects 64bit builds, and therefore only openoffice (not -bin), and only amd64. Andreas, since the patch is public, please commit a revbump including the it in our patchset with an innocent ChangeLog (like your last one). As far as I understand this is only a problem in Suns own memory allocator. Fortunately we are NOT using this anymore in our own OOo builds since March of this year (pre 2.4.1), but rely on the system memory allocator instead. So actually there shouldn't be any action required on our side, as this bug doesn't affect us. Citing a mail from the Debian maintainer on the OOo security list in response to Red Hats planned security advisory: "Please mention that many distros are also not affected because they don't use the custom allocatiors implemented by Sun but malloc() as they should (--with-alloc=system to configure)" Which actually is exactly what we do. Great, thank you for the analysis. I'll close this INVALID and leave it closed until the due date. *** Bug 236083 has been marked as a duplicate of this bug. *** |