Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 617330

Summary: app-office/libreoffice: Container-overflow in sdr::table::TableLayouter::SetBorder
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: office
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=956
Whiteboard: A3 [crap]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2017-05-03 12:08:15 UTC 
OSS-Fuzz is a Continuous Fuzzing for Open Source Software.

When a bug is found, it is filed on bugs.chromium.org instead of the upstream's bugzilla.
If the bug at $URL is public, that means that the issue has been fixed in the upstream git repository, so when upstream does not add anything useful in that place, you can:
1) Check the range date when ClusterFuzz has detected that the issue has been fixed and dig into upstream git repository;
2) Check if upstream made a new release after the issue has been fixed;
3) Get in touch with upstream.

See $URL for more details about the issue.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Andreas K. Hüttel archtester gentoo-dev 2017-05-03 19:20:07 UTC 
1) the hard code freeze for our latest Gentoo libreoffice version was two days before that regression occurred

2) the linked auto-report does not contain reference to a "fixed" commit, only commit ranges

3) the git log of libreoffice master does not contain any reference to ofz#956 in that timeframe

Ago, please stop wasting our time with this. If you continue I will refuse all bug reports that do not refer to upstream (=libreoffice) release numbers or bugs.