Processed: Re: Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files
Processing commands for [EMAIL PROTECTED]: found 454463 2.0.4.dfsg-7etch2 Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files Bug marked as found in version 2.0.4.dfsg-7etch2. close 454463 2.0.4.dfsg-7etch4 Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 2.0.4.dfsg-7etch4, send any further explanations to Nico Golde [EMAIL PROTECTED] found 454463 2.2.1-10 Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files Bug marked as found in version 2.2.1-10 and reopened. found 454463 1:2.3.0.dfsg-1 Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files Bug marked as found in version 1:2.3.0.dfsg-1. close 454463 1:2.3.1~rc1-1 Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files 'close' is deprecated; see http://www.debian.org/Bugs/Developer#closing. Bug marked as fixed in version 1:2.3.1~rc1-1, send any further explanations to Nico Golde [EMAIL PROTECTED] thanks Stopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files
Package: openoffice.org Severity: grave Tags: security Hi Rene, the following CVE (Common Vulnerabilities Exposures) id was published for openoffice.org. CVE-2007-4575[0]: | Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB) | Synopsis: users opening specially crafted database documents may allow | attackers to execute arbitrary static Java code State: Resolved 1. Impact | | A security vulnerability in HSQLDB, the default database engine shipped with | OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary | static Java code, by manipulating database documents to be opened by a user. | 2. Affected releases | | All versions prior to OpenOffice.org 2.3.1 3. Symptoms | | There are no predictable symptoms that would indicate this issue has occurred | 4. Relief/Workaround | | There is no workaround. See Resolution below. 5. Resolution | | This issue is addressed in the following releases: | | HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1 If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://www.openoffice.org/security/cves/CVE-2007-4575.html Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgphe1d8K6YmG.pgp Description: PGP signature
Bug#454463: openoffice.org: CVE-2007-4575 possibly arbitrary code execution through crafted database files
found 454463 2.0.4.dfsg-7etch2 close 454463 2.0.4.dfsg-7etch4 found 454463 2.2.1-10 found 454463 1:2.3.0.dfsg-1 close 454463 1:2.3.1~rc1-1 thanks Hi, Nico Golde wrote: the following CVE (Common Vulnerabilities Exposures) id was published for openoffice.org. CVE-2007-4575[0]: | Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB) | Synopsis: users opening specially crafted database documents may allow | attackers to execute arbitrary static Java code State: Resolved 1. Impact | | A security vulnerability in HSQLDB, the default database engine shipped with | OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary | static Java code, by manipulating database documents to be opened by a user. | 2. Affected releases | | All versions prior to OpenOffice.org 2.3.1 3. Symptoms | | There are no predictable symptoms that would indicate this issue has occurred | 4. Relief/Workaround | | There is no workaround. See Resolution below. 5. Resolution | | This issue is addressed in the following releases: | | HSQLDB 1.8.0.9 / OpenOffice.org 2.3.1 If you fix this vulnerability please also include the CVE id in your changelog entry. For further information: [0] http://www.openoffice.org/security/cves/CVE-2007-4575.html Yep. Already known to me since Oct, 04 :) The version in experimental (and hsqldb 1.8.0.9-x) is fixed. 1:2.3.1-1 hangs in NEW, though (it will add the CVE mentioning to 1:2.3.1~rc1-1's changelog). Joey already has fixed versions for etch (-7etch4), just the DSA needs sending out.. Closing with the appropriate versions. Grüße/Regards, René -- .''`. René Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org | http://people.debian.org/~rene/ `. `' [EMAIL PROTECTED] | GnuPG-Key ID: 248AEB73 `- Fingerprint: 41FA F208 28D4 7CA5 19BB 7AD9 F859 90B0 248A EB73 signature.asc Description: Digital signature