Re: [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution
On Mon, Jan 08, 2007 at 05:21:19PM +0100, Paul van der Vlis wrote:
> Martin Schulze wrote:
> > --
> > Debian Security Advisory DSA 1246-1 [EMAIL PROTECTED]
> > http://www.debian.org/security/ Martin Schulze
> > January 8th, 2007 http://www.debian.org/security/faq
> > --
> >
> > Package: openoffice.org
>
> > For the stable distribution (sarge) this problem has been fixed in
> > version 1.1.3-9sarge4.
> >
> > For the unstable distribution (sid) this problem has been fixed in
> > version 2.0.4-1.
> >
> > We recommend that you upgrade your openoffice.org package.
>
> Why is there nothing for Etch?

Etch and sid both have fixed packages > 2.0.4-1 now, as you can see from:

http://packages.debian.org/cgi-bin/search_packages.pl?keywords=openoffice.org&searchon=names&version=all&release=all

Regards,
Dominic.

--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution
Martin Schulze wrote:
> --
> Debian Security Advisory DSA 1246-1 [EMAIL PROTECTED]
> http://www.debian.org/security/ Martin Schulze
> January 8th, 2007 http://www.debian.org/security/faq
> --
>
> Package: openoffice.org
> Vulnerability : buffer overflow
> Problem type : local (remote)
> Debian-specific: no
> CVE ID : CVE-2006-5870
> Debian Bug : 405679 405986
>
> John Heasman from Next Generation Security Software discovered a heap
> overflow in the handling of Windows Metafiles in OpenOffice.org, the
> free office suite, which could lead to a denial of service and
> potentially execution of arbitrary code.
>
> For the stable distribution (sarge) this problem has been fixed in
> version 1.1.3-9sarge4.
>
> For the unstable distribution (sid) this problem has been fixed in
> version 2.0.4-1.
>
> We recommend that you upgrade your openoffice.org package.

Why is there nothing for Etch?

http://people.debian.org/~terpstra/message/20061224.090602.027e7771.en.html
--
There is also good news. One of them is that the security team told us that we now have security support for Etch (and also that Etch has been in a good status for some time now regarding security).
--

With regards,
Paul.