Re: [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution
Martin Schulze schreef: -- Debian Security Advisory DSA 1246-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 8th, 2007 http://www.debian.org/security/faq -- Package: openoffice.org Vulnerability : buffer overflow Problem type : local (remote) Debian-specific: no CVE ID : CVE-2006-5870 Debian Bug : 405679 405986 John Heasman from Next Generation Security Software discovered a heap overflow in the handling of Windows Metafiles in OpenOffice.org, the free office suite, which could lead to a denial of service and potentially execution of arbitrary code. For the stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge4. For the unstable distribution (sid) this problem has been fixed in version 2.0.4-1. We recommend that you upgrade your openofffice.org package. Why is there nothing for Etch? http://people.debian.org/~terpstra/message/20061224.090602.027e7771.en.html -- There are also good news. One of them is that the security team told us that we now have security support for Etch (and also that Etch has been in a good status for some time now regarding security). -- With regards, Paul. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: [SECURITY] [DSA 1246-1] New OpenOffice.org packages fix arbitrary code execution
On Mon, Jan 08, 2007 at 05:21:19PM +0100, Paul van der Vlis wrote: Martin Schulze schreef: -- Debian Security Advisory DSA 1246-1[EMAIL PROTECTED] http://www.debian.org/security/ Martin Schulze January 8th, 2007 http://www.debian.org/security/faq -- Package: openoffice.org For the stable distribution (sarge) this problem has been fixed in version 1.1.3-9sarge4. For the unstable distribution (sid) this problem has been fixed in version 2.0.4-1. We recommend that you upgrade your openofffice.org package. Why is there nothing for Etch? Etch and sid both have fixed packages 2.0.4-1 now, as you can see from: http://packages.debian.org/cgi-bin/search_packages.pl?keywords=openoffice.orgsearchon=namesversion=allrelease=all Regards, Dominic. -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]