oem-qa team mailing list archive

[feranick <feranick@xxxxxxxxxxx>]

** Changed in: dell-mini
       Status: Confirmed => Fix Released

-- 
Port openoffice 2.4.1-1ubuntu2.1 to dell-mini
https://bugs.launchpad.net/bugs/302755
You received this bug notification because you are a member of OEM
Services QA, which is subscribed to The Dell Mini Project.

Status in Dell Inspiron Mini with Custom Dell UI: Fix Released
Status in “openoffice.org” source package in Ubuntu: Invalid

Bug description:
Binary package hint: openoffice.org

Openoffice in the dell-mini (8.04.1) is in version 2.4.1-1ubuntu2. This is affected by several vulnerabilities (see below), fixed in version 2.4.1-1ubuntu2.1 (stock hardy). This update should be applied to the dell-mini too.




openoffice.org (1:2.4.1-1ubuntu2.1) hardy-security; urgency=low

  * SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
    code execution when processing crafted WMF files
    - patches/src680/cws-sjfixes06.diff: fix integer overflows in
      wmf/winwmf.cxx.
    - http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/winwmf.cxx?r1=1.36&r2=1.36.114.1&view=patch
    - CVE-2008-2237
  * SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
    code execution when processing crafted EMF files
    - patches/src680/cws-sjfixes09.diff: fix multiple parser flaws in
      wmf/enhwmf.cxx.
    - http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/enhwmf.cxx?r1=1.39&r2=1.39.114.1&view=patch
    - CVE-2008-2238
  * SECURITY UPDATE: symlink attack in senddoc which may lead to overwriting
      arbitrary files
    - debian/rules: remove leftover debugging echos in senddoc. Patch from
      Debian
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496361
    - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497618
    - CVE-2008-4937