Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 320491 (CVE-2010-0395) - <app-office/openoffice-3.2.1-r1: code execution (CVE-2010-0395)
Summary: <app-office/openoffice-3.2.1-r1: code execution (CVE-2010-0395)
Alias: CVE-2010-0395
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on: 340917 345309
  Show dependency tree
Reported: 2010-05-19 03:11 UTC by Robin Johnson
Modified: 2014-08-31 15:21 UTC (History)
5 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2010-05-19 03:11:17 UTC
Please bump to 3.2.1RC1.

The existing 3.2.0m12 does not contain the fix in upstream bug 109550 and bug 109544 that makes OpenOffice very painful to use on some multidesktop setups.
Comment 1 Andreas Proschofsky (RETIRED) gentoo-dev 2010-05-24 15:20:40 UTC
RC1 is in the tree (though masked). Keeping this open for the final release.

Unfortunately I'll be on vacation the next two weeks, so 3.2.1 will be late, I'm afraid...
Comment 2 Richard 2010-05-30 03:34:24 UTC
RC2 was released today. It is available in an overlay, but unfortunately, the overlay interferes with existing things that are installed on my system. Firefox is the most prominent example, which it wants to downgrade.

It would be nice to have the ebuild in the tree bumped to RC2, although I took a look at it and I do not think it is as simple as changing its name to RC2 and putting it in a local overlay.
Comment 3 Silvio 2010-06-07 12:34:17 UTC
Official 3.2.1 is out.
Comment 4 Andreas Proschofsky (RETIRED) gentoo-dev 2010-06-14 11:55:46 UTC
OOo 3.2.1 is in the tree, both source and -bin
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 13:47:22 UTC
Can app-office/openoffice-3.2.1 go stable?
Comment 6 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-01 23:14:11 UTC
CVE-2010-0395 ( 2.x and 3.0 before 3.2.1 allows user-assisted remote
  attackers to bypass Python macro security restrictions and execute
  arbitrary Python code via a crafted OpenDocument Text (ODT) file that
  triggers code execution when the macro directory structure is

Comment 7 Andreas Proschofsky (RETIRED) gentoo-dev 2010-11-11 19:36:54 UTC
(In reply to comment #5)
> Can app-office/openoffice-3.2.1 go stable?

In my view: Definitely. It still has some problems, but not more than any release before.

Please note we should target 3.2.1-r1, as this has two more security fixes
Comment 8 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-01-10 12:02:25 UTC
Stabilization is being handled in bug #345309, eh.
Comment 9 Andreas Proschofsky (RETIRED) gentoo-dev 2011-03-16 20:50:20 UTC
With ppc being done, we are finally ready for the advisory
Comment 10 Tim Sammut (RETIRED) gentoo-dev 2011-03-19 22:51:56 UTC
Added to existing GLSA request.
Comment 11 GLSAMaker/CVETool Bot gentoo-dev 2014-08-31 15:21:17 UTC
This issue was resolved and addressed in
 GLSA 201408-19 at
by GLSA coordinator Kristian Fiskerstrand (K_F).