
Bug 676122 (CVE-2018-11790)

Summary: <app-office/openoffice-bin-4.1.6 Arithmetic overflow and wrap around during string length calculation (CVE-2018-11790)
Product: Gentoo Security
Reporter: Sergey Torokhov <torokhov-s-a>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: chithanh
Priority: Normal
Flags: stable-bot: sanity-check+
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa cve]
Package list:
app-office/openoffice-bin-4.1.6 amd64 x86
Runtime testing required: ---

Description Sergey Torokhov 2019-01-23 19:17:52 UTC
Apache OpenOffice 1.4.6 was released on 18 November 2018.

There is also a closed vulnerability CVE-2018-11790 [1]
as stated on the Apache OpenOffice Security Team Bulletin page [2].

[1] https://www.openoffice.org/security/cves/CVE-2018-11790.html
[2] https://www.openoffice.org/security/bulletin.html


Chí-Thanh and Security team, could you update this package?

Reproducible: Always
Comment 1 Larry the Git Cow gentoo-dev 2019-01-25 20:52:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2e13b3f4bb48373edffda315d1ba240893ee385f

commit 2e13b3f4bb48373edffda315d1ba240893ee385f
Author:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
AuthorDate: 2019-01-25 20:52:03 +0000
Commit:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
CommitDate: 2019-01-25 20:52:03 +0000

    app-office/openoffice-bin: security bump to 4.1.6
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=676122
    Signed-off-by: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 app-office/openoffice-bin/Manifest                 |  80 +++++++++
 .../openoffice-bin/openoffice-bin-4.1.6.ebuild     | 190 +++++++++++++++++++++
 2 files changed, 270 insertions(+)
Comment 2 Chí-Thanh Christopher Nguyễn gentoo-dev 2019-01-31 13:30:18 UTC
Arches, please stabilize app-office/openoffice-4.1.6
Comment 3 Chí-Thanh Christopher Nguyễn gentoo-dev 2019-01-31 13:31:06 UTC
I meant of course
app-office/openoffice-bin-4.1.6
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-02-06 11:50:19 UTC
amd64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2019-02-15 18:21:52 UTC
x86 stable
Comment 6 Larry the Git Cow gentoo-dev 2019-02-15 19:36:00 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f671f5be5ab9b490609ca0eae518ea230ec64b7b

commit f671f5be5ab9b490609ca0eae518ea230ec64b7b
Author:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
AuthorDate: 2019-02-15 19:33:55 +0000
Commit:     Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
CommitDate: 2019-02-15 19:35:49 +0000

    app-office/openoffice-bin: remove vulnerable versions
    
    Bug: https://bugs.gentoo.org/show_bug.cgi?id=676122
    Signed-off-by: Chí-Thanh Christopher Nguyễn <chithanh@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11

 app-office/openoffice-bin/Manifest                 | 160 ------------------
 .../openoffice-bin/openoffice-bin-4.1.4.ebuild     | 188 ---------------------
 .../openoffice-bin/openoffice-bin-4.1.5.ebuild     | 188 ---------------------
 3 files changed, 536 deletions(-)