Summary: | <app-office/libreoffice-{3.5.2.2,bin-3.5.2.2-r1}: XML Entity Expansion flaw by processing RDF file (CVE-2012-0037) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.libreoffice.org/advisories/CVE-2012-0037/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 411449 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2012-03-23 15:28:56 UTC
@security: 1) Some info for the glsa: The first fixed version of libreoffice for all arches is 3.4.3.2-r1 The first fixed version of libreoffice-bin only for amd64 is: 3.4.3.2-r1 x86 seems have problem with 3.4 series and probably will stabilize 3.5 2)The original raptor issue seems B4, but the libreoffice advisory says execution of code, what about it? Thanks, folks. Looks like stabilization of app-office/libreoffice-{3.5.2.2,bin-3.5.2.2-r1} was completed via bug 411449. GLSA request filed. This issue was resolved and addressed in GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml by GLSA coordinator Sean Amoss (ackle). Remove invalid encoded alias. |