Summary: | <app-office/libreoffice{,-bin}-5.0.3.2, <app-office/openoffice-bin-4.1.2: multiple vulnerabilities (CVE-2015-{4551,5212,5213,5214}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | chithanh, mgorny |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-11-06 15:25:13 UTC
We're going for 5.0.3.2 as stabilization target (which was bumped today; I guess we can wait for a few days here to make sure nothing's obviously wrong with it). [Note that the crashy gtk3 frontend will be stable.masked.] I'm preparing the binary packages.

Arches please test and stabilize, target "amd64 x86"

=app-office/libreoffice-5.0.3.2
=app-office/libreoffice-l10n-5.0.3.2
=app-office/libreoffice-bin-5.0.3.2
=app-office/libreoffice-bin-debug-5.0.3.2
=app-text/libmwaw-0.3.6
=app-text/libwps-0.4.2

Please especially do some runtime testing (i.e. start the program and play with it) of the binary package app-office/libreoffice-bin. Note, you can disregard any bugs about crashy behaviour with USE=gtk3; the gtk3 frontend is indeed unstable and the useflag has been stable.masked for libreoffice-5.[01]*

amd64 stable

x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

All vulnerable versions removed. As detailed in comment #0, 4.4.6 can stay.

(In reply to Agostino Sarubbo from comment #0)
> From http://www.libreoffice.org/about-us/security/advisories/ :
>
>
> Fixed in LibreOffice 4.4.6/5.0.0
> CVE-2015-5214 DOC Bookmark Status Memory Corruption
>
> Fixed in LibreOffice 4.4.5/5.0.0
> CVE-2015-4551 Arbitrary file disclosure in Calc and Writer
> CVE-2015-5212 ODF Integer Underflow (PrinterSetup Length)
> CVE-2015-5213 DOC piecetable Integer Overflow

Added to an existing GLSA Request.

app-office/openoffice-bin was missed. @maintainer(s), please clean the vulnerable version from the tree:

=app-office/openoffice-bin-4.1.1

This issue was resolved and addressed in GLSA 201611-03 at https://security.gentoo.org/glsa/201611-03 by GLSA coordinator Aaron Bauman (b-man).