http://qa.openoffice.org/issues/show_bug.cgi?id=59032
arches please test and mark stable
stable on amd64
...and he looked down upon openoffice-bin and saw that it was stable... and then there was much rejoicing... (stable on x86)
Ready for glsa
mhh, wait a second: whats up with normal openoffice? There is a curl useflag and it deps to curl, but does it really link to the external curl of gentoo (fixed long ago) or does it use the one shipped with openoffice?
Indeed, old builds of openoffice-2.0.1 should be vulnerable too if you didn't use the curl-use-flag (cause in this case the internal curl is being used for the build). I removed this use-flag yesterday, and we now hard-depend on the external curl, so for someone doing a fresh build, this is no issue anymore. Do you want to do me a revision bump (without changes) so that everyone gets it? Think this would be the best solution, as 2.0.2 is not in the condition to go stable on most archs.
yes, please revbump it
I've revision-bumped openoffice-2.0.1, the old ebuild is still in there but is not vulnerable anymore cause of the aformentioned change I did yesterday. Also I've removed openoffice-bin-2.0.1 from the tree, so I think everything should be set for the GLSA.
openoffice-2.0.1-r1 is stable, ready for GLSA Fixed versions : >=openoffice-2.0.1-r1 >=openoffice-bin-2.0.2
GLSA 200603-25 Thanks everybody.