Bug 200771 (CVE-2007-4575) - app-office/openoffice(-bin) < 2.3.1 HSQLDB database Java code execution (CVE-2007-4575)
Alias: CVE-2007-4575
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High major
Assignee: Gentoo Security
Whiteboard: A2 [glsa]
Duplicates: 201338
Reported: 2007-11-29 20:11 UTC by Robert Buchholz (RETIRED)
Modified: 2008-03-06 09:52 UTC
Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 20:11:31 UTC
Thomas Biege:
  A security vulnerability in HSQLDB, the default database engine shipped
  with, may allow a remote unprivileged user who provides a
  StarOffice database document that is opened by a local user to execute
  arbitrary Java code on the system with the privileges of the user
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-05 10:27:14 UTC
*** Bug 201338 has been marked as a duplicate of this bug. ***
Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-05 10:29:30 UTC
public now. Openoffice herd, please provide an updated ebuild.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-12-05 10:39:37 UTC
We have it in the tree.
Comment 4 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-05 10:46:03 UTC
Arches(In reply to comment #3)
> We have it in the tree.
oops :)
Arches, please test and mark stable app-office/openoffice-2.3.1 (ppc x86) and app-office/openoffice-bin-2.3.1 (amd64 x86)
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2007-12-06 07:47:20 UTC
-bin stable for x86, source to come (in some hours, anyone else can do it meanwhile)
Comment 6 Christian Faulhammer (RETIRED) gentoo-dev 2007-12-06 19:00:07 UTC
x86 stable
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2007-12-06 21:29:51 UTC
ppc stable
Comment 8 Peter Weller (RETIRED) gentoo-dev 2007-12-08 22:02:04 UTC
amd64 done
Comment 9 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-08 23:31:06 UTC
Comment 10 Andreas Proschofsky (RETIRED) gentoo-dev 2007-12-09 00:16:39 UTC
Vulnerable ebuilds are gone from the tree
Comment 11 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-30 18:32:05 UTC
GLSA 200712-25, thanks everyone.
Comment 12 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:52:40 UTC
Does not affect current (2008.0) release. Removing release.