-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 retitle 405679 Buffer overflows in EnhWMFReader::ReadEnhWMF and WMFReader::ReadRecordParams severity 405679 grave close 405679 2.0.4-1 thanks
[ sorry for the reference to the same bugnr. My error, cut'n'pasted the wrong nr And I also confused two distinct issues - I meant #404105 but that's something else. I didn't think of anyone coming with this old thing now.. But it's still not critical anyway ] Hi, Rene Engelhard wrote: > > The security issue and a patch were described at > > http://www.openoffice.org/issues/show_bug.cgi?id=70042. From what is > > written, this vulnerability can be used to execute any code on the > > vulnerable system. Please check, if Debian is affected and if Sarge is > > affected too. Sarge is but the fix is already at the security team (just that NGS decided to make the issue public just the time Joey is not available....). "Debian" (I think you wanted to say etch/sid/experimental) isn't affected since 2.0.4-1 (yes, that's NO typo) the patch already was included. (by looking at the diff and seeing cmcfixes28 mentioned there would have helped, too, if you were grepping the changelog anyway ou also could have grepped the diff or the apply file, but anyway...) The next upload will have the backport and the CVE mentioned, which I didn't do yet because the issue was embargoed till some days ago (where I was on vacaction..). Regards, Rene -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFFnrSx+FmQsCSK63MRApW9AJ9gQD7tqkuTHFanrzGH+1CrbduTrACbBnJI r7DK9ruf4tyv/PicqKGurKs= =S0tp -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]