severity 405679 important
retitle 405679 [fixed for 2.2, cws cmcfixes30] Buffer overflows in EnhWMFReader::ReadEnhWMF and WMFReader::ReadRecordParams
merge 405679 405679
# fixed package for sarge already at the security team
found 405679 1.1.3-9sarge3
close 405679 1.1.3-9sarge4
thanks

Hi,

Daniel Leidert wrote:
> Package: openoffice.org
> Version: 2.0.4.dfsg.2-2
> Severity: critical

Wrong.

1 critical
  makes unrelated software on the system (or the whole system) break, or causes serious data loss, or introduces a security hole on systems where you install the package.

does *not* fit. Installing OOo does not introduce a security hole for your whole system. Besides that you need a special-crafted WMF anyway.

2 grave
  makes the package in question unusable by most or all users, or causes data loss, or introduces a security hole allowing access to the accounts of users who use the package.

More or less, but this is a local exploit where you only can exploit the users' rights where you already are using it.

I'll make it important, see #405679, too.

> Tags: security patch

Discussable. See #405679.

> The security issue and a patch were described at
> http://www.openoffice.org/issues/show_bug.cgi?id=70042. From what is
> written, this vulnerability can be used to execute any code on the
> vulnerable system. Please check, if Debian is affected and if Sarge is
> affected too.
>
> Grepping through the changelog and the BTS made me think, that this
> issue hasn't been fixed in Debian yet.

Yes. Because we are not affected AFAIS.

And WTF are you filing a new bug when there already is #405679 for this? And where that bug is marked as pending?

I'll probably upload a new package anyway, but you really should learn how to use the BTS (hint: tags and severities and how to look for bugs).

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  [EMAIL PROTECTED] | GnuPG-Key ID: 248AEB73
   `-   Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859 90B0 248A EB73