Package: openoffice.org Version: 1.1.3-8 Severity: grave Justification: user security hole
The security update fixes a buffer overflow in OpenOffice_org Microsoft Word document reader which could allow a remote attacker sending a handcrafted .doc file to execute code as the user opening the document in OpenOffice. This is tracked by the Mitre CVE ID CAN-2005-0941. http://download.openoffice.org/1.1.4/security_patch.html http://www.securityfocus.com/archive/1/395516 -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15) Versions of packages openoffice.org depends on: ii dictionaries-common [openoffi 0.25.3 Common utilities for spelling dict ii openoffice.org-bin 1.1.3-8 OpenOffice.org office suite binary ii openoffice.org-debian-files 1.1.3-8+1 Debian specific parts of OpenOffic ii openoffice.org-l10n-de [openo 1.1.3-8 German language package for OpenOf ii openoffice.org-l10n-en [openo 1.1.3-8 English (US) language package for ii openoffice.org-l10n-es [openo 1.1.3-8 Spanish language package for OpenO ii openoffice.org-l10n-nl [openo 1.1.3-8 Dutch language package for OpenOff ii ttf-opensymbol 1.1.3-8 The OpenSymbol TrueType font ii xml-core 0.09 XML infrastructure and XML catalog -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]