Bug 409455 - <app-office/libreoffice-{,bin-}: XML Entity Expansion flaw by processing RDF file (CVE-2012-0037)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Depends on: 411449
Reported: 2012-03-23 15:28 UTC by Agostino Sarubbo
Modified: 2019-06-11 14:48 UTC

Description Agostino Sarubbo gentoo-dev 2012-03-23 15:28:56 UTC
From upstream advisory at $URL: 

An XML Entity Expansion flaw was found in the way the embedded Raptor library processed certain RDF and other XML-based format files. An attacker could create a specially-crafted file in an affected LibreOffice format which, when opened, could cause arbitrary code execution or local file inclusion.
Comment 1 Agostino Sarubbo gentoo-dev 2012-03-23 15:41:31 UTC

1) Some info for the glsa:

The first fixed version of libreoffice for all arches is
The first fixed version of libreoffice-bin only for amd64 is:
x86 seems to have problems with the 3.4 series and will probably stabilize 3.5

2) The original raptor issue seems B4, but the libreoffice advisory says execution of code, what about it?
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-05-25 03:15:20 UTC
Thanks, folks. Looks like stabilization of app-office/libreoffice-{,bin-} was completed via bug 411449. GLSA request filed.
Comment 3 GLSAMaker/CVETool Bot gentoo-dev 2012-09-24 10:56:57 UTC
This issue was resolved and addressed in
 GLSA 201209-05 at
by GLSA coordinator Sean Amoss (ackle).
Comment 4 Thomas Deutschmann gentoo-dev Security 2019-06-11 14:48:44 UTC
Remove invalid encoded alias.