See https://www.libreoffice.org/advisories/cve-2012-4233/ for details
I added 3.5.7.2 and 3.6.3.2 to cvs. For binary I would say lets wait a week and stabilise 3.6.3.2 completely and generate binary from that one?
(In reply to comment #1) > I added 3.5.7.2 and 3.6.3.2 to cvs. > > For binary I would say lets wait a week and stabilise 3.6.3.2 completely and > generate binary from that one? Thanks, Tomáš. We will revisit around 11/11 then.
Arches, please test and mark stable: =app-office/libreoffice-3.6.3.2 Target KEYWORDS="amd64 ppc x86"
(In reply to comment #3) > Arches, please test and mark stable: > =app-office/libreoffice-3.6.3.2 > Target KEYWORDS="amd64 ppc x86" To be more precise, please test and mark stable: app-office/libreoffice-3.6.3.2 app-office/libreoffice-l10n-3.6.3.2 dev-cpp/libcmis-0.2.3-r1 Target KEYWORDS="amd64 ppc x86" Afterwards please keep this bug open for stabilization of the binpackages (which I'll upload after the sources are stabilized).
*** Bug 442252 has been marked as a duplicate of this bug. ***
amd64 stable
x86 and ppc also done.
CVE-2012-4233 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4233): LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and OpenOffice.org (OOo), allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted (1) odt file to vcllo.dll, (2) ODG (Drawing document) file to svxcorelo.dll, (3) PolyPolygon record in a .wmf (Window Meta File) file embedded in a ppt (PowerPoint) file to tllo.dll, or (4) xls (Excel) file to scfiltlo.dll.
Thanks, everyone. GLSA vote: no.
New binary packages have been generated and uploaded: app-office/libreoffice-bin-3.6.3.2 amd64 & x86- please give them a decent beating, and if all works out, please stabilize.
*** Bug 444440 has been marked as a duplicate of this bug. ***
(In reply to comment #10) > New binary packages have been generated and uploaded: > app-office/libreoffice-bin-3.6.3.2 > > amd64 & x86- please give them a decent beating, and if all works out, please > stabilize. ... and dont forget app-office/libreoffice-bin-debug-3.6.3.2 (with the files in /usr/lib/debug; I guess there's not much to test there).
x86 stable
Thanks, folks. GLSA Vote: no too, closing noglsa.