Summary: | <app-office/libreoffice{,-bin}-3.5.4.2-r1 : Integer Overflow (CVE-2012-1149) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Harrison <n0idx80> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | office |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.libreoffice.org/advisories/cve-2012-1149/ | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Michael Harrison
2012-05-18 06:31:14 UTC
Should be fixed in our tree as it was fixed in libreoffice in december. http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5&id=1387ae23816db26066ab79b0c4ad33e6e0f2d968 But hey I want to stabilise 3.5.4.2 anyway, so lets use this bug as arches at least do it faster ^_^ I think it was announced now because apache-oo has finaly release. Thanks, Tomáš. 3.5.3 is listed as first fixed releases. Do we want to stabilize =app-office/libreoffice-3.5.3.2, 3.5.4.2, or something else? And would you mind adding a fixed libreoffice-bin too please? (In reply to comment #2) > But hey I want to stabilise 3.5.4.2 anyway, so lets use this bug as arches > at least do it faster ^_^ (In reply to comment #4) > Thanks, Tomáš. 3.5.3 is listed as first fixed releases. Do we want to > stabilize =app-office/libreoffice-3.5.3.2, 3.5.4.2, or something else? And > would you mind adding a fixed libreoffice-bin too please? I'd say stabilization candidate is 3.5.4.2 (as Tomas stated above), but we should probably wait until that version has made the step from "official rc, highly likely to be identical to final" to "official 3.5.4 release". I'll prepare the binaries as soon as the source packages are stable. Lets roll: Arches please test and stabilise app-office/libreoffice-3.5.4.2-r1. Cheers Tom ppc done. amd64 ok amd64: pass libreoffice-3.5.4.2-r1.ebuild stable for amd64, thanks k01 and Armageddon. Just for the record, I'll redo the binaries after the sources are stable (so there is a consistent set of libraries to build against). x86 stable. @office, go ahead with building of -bin packages. Binary packages are up... Arches please test and stabilize app-office/libreoffice-bin-3.5.4.2-r1 app-office/libreoffice-bin-debug-3.5.4.2-r1 Target amd64 x86 x86: all binary install ok. (tried install with specific USE flags: no problems for me). Also all *DEPEND compiles ok. I'm not see problems and no complaints from repoman. libreoffice-bin-debug: in src_install() does not exist || die for trivial install method, please check and fix it. Please mark stable for x86. (In reply to comment #15) > libreoffice-bin-debug: in src_install() does not exist || die for trivial > install method, please check and fix it. "|| die" added, thanks (In reply to comment #14) > app-office/libreoffice-bin-3.5.4.2-r1 > app-office/libreoffice-bin-debug-3.5.4.2-r1 amd64 ok amd64 stable x86 stable (In reply to comment #19) > x86 stable app-office/libreoffice-bin-debug-3.5.4.2-r1 is missing > 11 Jun 2012; Jeff Horelick <jdhore@gentoo.org> > -libreoffice-bin-debug-3.5.2.2-r1.ebuild: > Remove old (broken) version. > 11 Jun 2012; Jeff Horelick <jdhore@gentoo.org> > libreoffice-bin-debug-3.5.4.2-r1.ebuild: > marked x86 per dilfridge Thanks, everyone. Adding to existing GLSA request. This issue was resolved and addressed in GLSA 201209-05 at http://security.gentoo.org/glsa/glsa-201209-05.xml by GLSA coordinator Sean Amoss (ackle). |