Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bugzilla DB migration completed. Please report issues to Infra team via email via infra@gentoo.org or IRC
Bug 430580 - dev-java/poi: Denial of Service (CVE-2012-0213)
Summary: dev-java/poi: Denial of Service (CVE-2012-0213)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords: PMASKED
Depends on: 402757
Blocks:
  Show dependency tree
 
Reported: 2012-08-09 13:18 UTC by GLSAMaker/CVETool Bot
Modified: 2015-12-20 15:13 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2012-08-09 13:18:04 UTC
CVE-2012-0213 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0213):
  The UnhandledDataStructure function in
  hwpf/model/UnhandledDataStructure.java in Apache POI 3.8 and earlier allows
  remote attackers to cause a denial of service (OutOfMemoryError exception
  and possibly JVM destabilization) via a crafted length value in a Channel
  Definition Format (CDF) or Compound File Binary Format (CFBF) document.


References

(MISC) https://bugzilla.redhat.com/show_bug.cgi?id=799078
https://bugzilla.redhat.com/show_bug.cgi?id=799078

(DEBIAN) DSA-2468
http://www.debian.org/security/2012/dsa-2468

(SECUNIA) 49040
http://secunia.com/advisories/49040

(FEDORA) FEDORA-2012-10835
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/084609.html
Comment 1 Patrice Clement gentoo-dev 2015-11-12 16:55:31 UTC
Package masked for removal. We will close this bug after the removal.
Comment 2 Kristian Fiskerstrand gentoo-dev Security 2015-11-12 21:53:43 UTC
GLSA Vote: No
Comment 3 Patrice Clement gentoo-dev 2015-12-13 18:34:25 UTC
Package removed.

Security team, please vote.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-12-20 15:13:26 UTC
GLSA Vote: No

Thank you all. Closing as noglsa.