Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 575152 (CVE-2016-0795) - <app-office/libreoffice{-bin,bin-debug,l10n,}-5.0.52: denial of service (memory corruption) (CVE-2016-0795)
Summary: <app-office/libreoffice{-bin,bin-debug,l10n,}-5.0.52: denial of service (memo...
Status: RESOLVED FIXED
Alias: CVE-2016-0795
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.libreoffice.org/about-us/...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-02-19 13:48 UTC by Aaron Bauman
Modified: 2016-06-18 11:08 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-02-19 13:48:46 UTC
LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.

CVE:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0795

Upstream Fix:
https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
Comment 1 Andreas Sturmlechner gentoo-dev 2016-02-19 21:27:49 UTC
PR with 5.0.5.2 release exists: https://github.com/gentoo/gentoo/pull/807
Comment 2 Lars Wendler (Polynomial-C) gentoo-dev 2016-02-19 22:04:54 UTC
commit cb36ebae854f4e961a84086d37a929527cb0176c
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Fri Feb 19 23:04:02 2016

    app-office/libreoffice-l10n: Security bump (bug #575152).

    Package-Manager: portage-2.2.27
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

commit 8979b009efc080cd59bbe5368cc2eca8ebb51084
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Fri Feb 19 23:02:49 2016

    app-office/libreoffice: Security bump (bug #575152).

    Package-Manager: portage-2.2.27
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Comment 3 Andreas K. Hüttel archtester gentoo-dev 2016-02-20 16:25:48 UTC
still needs libreoffice-bin rebuild; I'm at it
Comment 4 Andreas K. Hüttel archtester gentoo-dev 2016-02-28 22:08:33 UTC
Arches please TEST (especially the fresh -bin package) and stabilize

=app-office/libreoffice-5.0.5.2
=app-office/libreoffice-l10n-5.0.5.2
=app-office/libreoffice-bin-5.0.5.2
=app-office/libreoffice-bin-debug-5.0.5.2

Target: amd64 x86
Comment 5 Agostino Sarubbo gentoo-dev 2016-03-02 17:05:14 UTC
amd64 stable
Comment 6 Agostino Sarubbo gentoo-dev 2016-03-02 17:06:02 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 7 Andreas K. Hüttel archtester gentoo-dev 2016-03-03 19:47:45 UTC
Cleanup done. Thanks everyone. Office out.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2016-03-29 06:28:23 UTC
CVE-2016-0795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0795):
  LibreOffice before 5.0.5 allows remote attackers to cause a denial of
  service (memory corruption) or possibly have unspecified other impact via a
  crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
Comment 9 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-06-01 11:30:07 UTC
GLSA Vote: No