From http://www.openwall.com/lists/oss-security/2010/08/11/1
Two security flaws have been reported against OpenOffice.org's Impress tool:
[1] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
A, an integer truncation error, leading to heap-based buffer overflow when processing dictionary property items of the input *.ppt file:
References:
[2] https://bugzilla.redhat.com/show_bug.cgi?id=622529
[3] http://secunia.com/advisories/40775/
[4] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
[5] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
B, a short integer overflow, leading to heap-based buffer overflow, when processing *.ppt document with too big polygons
References:
[6] https://bugzilla.redhat.com/show_bug.cgi?id=622555
[7] http://secunia.com/advisories/40775/
[8] http://securityevaluators.com/files/papers/CrashAnalysis.pdf
[9] http://www.openoffice.org/servlets/ReadMsg?list=dev&msgNo=27690
The Red Hat bug appears to have an upstream-approved patch.
CVEs assigned.
> A, an integer truncation error, leading to heap-based buffer overflow when processing dictionary property items of the input *.ppt file:
CVE-2010-2935
> B, a short integer overflow, leading to heap-based buffer overflow, when processing *.ppt document with too big polygons
CVE-2010-2936
Sorry for being awfully late on this. Anyway:
This is fixed now in openoffice-3.2.1-r1
For openoffice-bin we have to wait for 3.3.0 unfortunately... Nothing we can do here
@openoffice, can we stabilize =app-office/openoffice-bin-3.3.0?
(In reply to comment #3)
> @openoffice, can we stabilize =app-office/openoffice-bin-3.3.0?
It's still a bit new in the tree, but not one single bug has been filed against it until now. Also -bin updates are usually pretty uncomplicated. So I would say: Yes.
(In reply to comment #4)
> So I would say: Yes.
Great, thank you.
Arches, please test and mark stable:
=app-office/openoffice-bin-3.3.0
Target keywords : "amd64 x86"
amd64 installed fine
x86 stable
amd64 done. Thanks Agostino
Thanks again, everyone. Added to existing GLSA request.
This issue was resolved and addressed in GLSA 201408-19 at http://security.gentoo.org/glsa/glsa-201408-19.xml by GLSA coordinator Kristian Fiskerstrand (K_F).