Summary: | <app-office/libreoffice{,-bin}-4.2.5.2: VBA macros executed unconditionally (CVE-2014-0247) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | ulenrich |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1111083 | | |
Whiteboard: | B2 [glsa] | | |
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2014-06-24 10:40:18 UTC
Version bump is on the way (build testing now).

*** Bug 514374 has been marked as a duplicate of this bug. ***

app-office/libreoffice-4.2.5.2 and app-office/libreoffice-l10n-4.2.5.2 bumped.

Let's give it a few days in ~arch now to find obvious problems.
Binary packages in preparation.

(In reply to Andreas K. Hüttel from comment #3)
> app-office/libreoffice-4.2.5.2 and app-office/libreoffice-l10n-4.2.5.2
> bumped.
>
> Let's give it a few days in ~arch now to find obvious problems.
> Binary packages in preparation.

Thanks Andreas for the work.

Arches please *test* (especially the bin packages, since I cannot test much there) and then if all is OK mark stable:

Target: amd64 x86

=app-office/libreoffice-4.2.5.2
=app-office/libreoffice-l10n-4.2.5.2
=app-office/libreoffice-bin-4.2.5.2
=app-office/libreoffice-bin-debug-4.2.5.2

On x86 the following dependencies are still missing and need be stabilized at the same time, too:

=dev-libs/icu-52.1
=dev-cpp/libcmis-0.4.1
=media-libs/libfreehand-0.0.0
=dev-util/mdds-0.10.3
=app-text/libetonyek-0.0.3
=app-text/libabw-0.0.2
=app-text/libodfgen-0.0.4
=app-text/libebook-0.0.2
=app-text/libmwaw-0.2.0

Known minor issues:
* The USE=kde variant does not use the KDE file dialogs right now but the default internal ones. We can't do much here since our Qt packages are missing some critical fixes (bug 514968).

*** Bug 511144 has been marked as a duplicate of this bug. ***

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

All vulnerable versions removed. Thanks everyone.

Arches and Maintainer(s),
Thank you for your work.

Added to an existing GLSA request.

This issue was resolved and addressed in GLSA 201408-19 at http://security.gentoo.org/glsa/glsa-201408-19.xml by GLSA coordinator Kristian Fiskerstrand (K_F).

CVE-2014-0247 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-0247): LibreOffice 4.2.4 executes unspecified VBA macros automatically, which has unspecified impact and attack vectors, possibly related to doc/docmacromode.cxx.