Bug 430580

Summary: dev-java/poi: Denial of Service (CVE-2012-0213)
Product: Gentoo Security
Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: java
Priority: Normal
Keywords: PMASKED
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 402757
Bug Blocks:

Description GLSAMaker/CVETool Bot gentoo-dev 2012-08-09 13:18:04 UTC
CVE-2012-0213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0213):
  The UnhandledDataStructure function in
  hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows
  remote attackers to cause a denial of service (OutOfMemoryError exception
  and possibly JVM destabilization) via a crafted length value in a Channel
  Definition Format (CDF) or Compound File Binary Format (CFBF) document.


References

(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=799078

(DEBIAN) DSA-2468
http://www.debian.org/security/2012/dsa-2468

(SECUNIA) 49040
http://secunia.com/advisories/49040

(FEDORA) FEDORA-2012-10835
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html

Comment 1 Patrice Clement gentoo-dev 2015-11-12 16:55:31 UTC
Package masked for removal. We will close this bug after the removal.

Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-11-12 21:53:43 UTC
GLSA Vote: No

Comment 3 Patrice Clement gentoo-dev 2015-12-13 18:34:25 UTC
Package removed.

Security team, please vote.

Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-12-20 15:13:26 UTC
GLSA Vote: No

Thank you all. Closing as noglsa.