[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
This bug was fixed in the package libreoffice - 1:3.5.7-0ubuntu6.1 --- libreoffice (1:3.5.7-0ubuntu6.1) precise; urgency=medium * guard symlink change for special cased platforms libreoffice (1:3.5.7-0ubuntu6) precise; urgency=low [ Ritesh Khadgaray ] * fix symlink permissions (LP: #1200277) [ Bjoern Michaelsen ] * add OOXML fix (LP: #1316243) * drop unused and upstreamed patches: - lp-1194740-fdo-50304-fix-xls-row-height-again.diff - lp-1194740-fdo-51878-fix-regression-of-size-ballooning.diff -- Bjoern MichaelsenThu, 08 May 2014 23:48:13 +0200 ** Changed in: libreoffice (Ubuntu Precise) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: Fix Released Status in “libreoffice” source package in Precise: Fix Released Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: Fix Released Status in “libreoffice” source package in Precise: Fix Committed Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
Hello Björn, or anyone else affected, Accepted libreoffice into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/libreoffice/1:3.5.7-0ubuntu6 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: libreoffice (Ubuntu Precise) Status: In Progress => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: Fix Released Status in “libreoffice” source package in Precise: Fix Committed Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
** Changed in: libreoffice (Ubuntu Precise) Status: New => In Progress -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: Fix Released Status in “libreoffice” source package in Precise: In Progress Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
updated package is here: http://people.canonical.com/~bjoern/precise/3.5.7/ubuntu6/libreoffice_3.5.7-0ubuntu6_source.changes -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: Fix Released Status in “libreoffice” source package in Precise: New Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
** Changed in: libreoffice (Ubuntu) Status: New => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: Fix Released Status in “libreoffice” source package in Precise: New Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
Attaching the debdiff vs. -0ubuntu5 for SRU. ** Patch added: "debdiff 3.5.7-0ubuntu5 -> 3.5.7-0ubuntu6" https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+attachment/4106559/+files/libreoffice_3.5.7-0ubuntu6.diff -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: New Status in “libreoffice” source package in Precise: New Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1316243] Re: [SRU] Prevent DoS via OOXML
** Summary changed: - Prevent DoS via OOXML + [SRU] Prevent DoS via OOXML -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1316243 Title: [SRU] Prevent DoS via OOXML Status in “libreoffice” package in Ubuntu: New Status in “libreoffice” source package in Precise: New Bug description: LibreOffice 3.5.x allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted element in an OOXML document file. SRU data: [Impact] * DoS/application termination upon opening crafted file [Test Case] * none [Regression Potential] * patch affects only OOXML filters for Writer * change is in all upstream LibreOffice releases since 3.6.7/4.0.4, so regression potential is low * patch has been considered fine by the security team [Other Info] * none To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1316243/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
