Secunia writes: A vulnerability has been reported in OpenOffice, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a truncation error within the ""rtl_allocateMemory()" function. This can be exploited to cause an out-of-bounds array access by e.g. tricking a user into opening a malicious document. Successful exploitation may allow the execution of arbitrary code on 64bit platforms. Note: Reportedly, the pre-built packages distributed by OpenOffice.org and versions compiled with the system allocator ("--with-alloc=system" configuration option) are unaffected.
Do we build with --with-alloc=system? (Too lazy to check now, may do tomorrow) If not, we need a patched version...
This has already been discussed some weeks ago. Short answer: Yes, we use --with-alloc=system, so our builds are not vulnerable *** This bug has been marked as a duplicate of bug 234093 ***