[ubuntu/hardy-security] openoffice.org, openoffice.org_2.4.1-1ubuntu2.5_i386_translations.tar.gz, openoffice.org_2.4.1-1ubuntu2.5_ia64_translations.tar.gz, openoffice.org_2.4.1-1ubuntu2.5_powerpc_translations.tar.gz (delayed), openoffice.org_2.4.1-1ubuntu2.5_amd64_translations.tar.gz, openoffice.org_2.4.1-1ubuntu2.5_lpia_translations.tar.gz 1:2.4.1-1ubuntu2.5 (Accepted)

Ubuntu Installer archive at ubuntu.com
Wed Feb 2 22:06:03 UTC 2011 

openoffice.org (1:2.4.1-1ubuntu2.5) hardy-security; urgency=low

  * SECURITY UPDATE: multiple OpenOffice.org vulnerabilities.
    - ooo-build/patches/src680/workspace.impress197.diff: buffer overflow
      fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-2935,
      CVE-2010-2936).
    - ooo-build/patches/src680/tread-invalid-path-segments-correctly.diff:
      directory traversal fixes from upstream, patch thanks to Rene Engelhard
      (CVE-2010-3450).
    - ooo-build/patches/src680/cws-hb22.diff: multiple fix from upstream,
      patch thanks to Rene Engelhard.
      - corrupt table model in RTF parser (CVE-2010-3451)
      - SwRTFParser::ReadNumSecLevel (CVE-2010-3452)
      - WW8ListManager::WW8ListManager (CVE-2010-3453)
      - WW8DopTypography::ReadFromMem (CVE-2010-3454)
      - LD_LIBRARY_PATH current directory injection (CVE-2010-3689)
    - ooo-build/patches/src680/security-fixes-from-cws-os145.diff: heap
      overflow in PPT fix from upstream, patch thanks to Rene Engelhard
      (CVE-2010-4253).
    - ooo-build/patches/src680/security-fixes-from-cws-impress208.diff:
      heap overflow in TGA fix from upstream, patch thanks to Rene
      Engelhard (CVE-2010-4643).

Date: Tue, 25 Jan 2011 10:30:23 -0800
Changed-By: Kees Cook <kees at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/openoffice.org/1:2.4.1-1ubuntu2.5
-------------- next part --------------
Format: 1.7
Date: Tue, 25 Jan 2011 10:30:23 -0800
Source: openoffice.org
Binary: openoffice.org broffice.org openoffice.org-l10n-za openoffice.org-l10n-in openoffice.org-core openoffice.org-common openoffice.org-java-common openoffice.org-writer openoffice.org-calc openoffice.org-impress openoffice.org-draw openoffice.org-math openoffice.org-base-core openoffice.org-base openoffice.org-style-crystal openoffice.org-style-industrial openoffice.org-style-tango openoffice.org-style-human openoffice.org-style-hicontrast openoffice.org-style-andromeda openoffice.org-kde openoffice.org-gtk openoffice.org-headless openoffice.org-gnome openoffice.org-evolution python-uno openoffice.org-officebean openoffice.org-filter-binfilter openoffice.org-filter-mobiledev libmythes-dev openoffice.org-dtd-officedocument1.0 openoffice.org-presentation-minimizer ure ure-dbg openoffice.org-gcj libuno-cil openoffice.org-qa-tools openoffice.org-qa-api-tests mozilla-openoffice.org openoffice.org-ogltrans openoffice.org-report-builder ttf-opensymbol openoffice.org-dev openoffice.org-dev-doc openoffice.org-sdbc-postgresql
Architecture: source
Version: 1:2.4.1-1ubuntu2.5
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Kees Cook <kees at ubuntu.com>
Description: 
 broffice.org - BrOffice.org office suite
 libmythes-dev - simple thesaurus library (development files)
 libuno-cil - CLI binding for OpenOffice.org
 mozilla-openoffice.org - OpenOffice.org Mozilla plugin
 openoffice.org - OpenOffice.org Office suite
 openoffice.org-base - OpenOffice.org office suite - database
 openoffice.org-base-core - OpenOffice.org office suite -- libdba
 openoffice.org-calc - OpenOffice.org office suite - spreadsheet
 openoffice.org-common - OpenOffice.org office suite architecture independent files
 openoffice.org-core - OpenOffice.org office suite architecture dependent files
 openoffice.org-dev - OpenOffice.org SDK -- development files
 openoffice.org-dev-doc - OpenOffice.org SDK -- documentation
 openoffice.org-draw - OpenOffice.org office suite - drawing
 openoffice.org-dtd-officedocument1.0 - OfficeDocument 1.0 DTD (OpenOffice.org 1.x)
 openoffice.org-evolution - Evolution Addressbook support for OpenOffice.org
 openoffice.org-filter-binfilter - Legacy filters (e.g. StarOffice 5.2) for OpenOffice.org
 openoffice.org-filter-mobiledev - Mobile Devices Filters for OpenOffice.org
 openoffice.org-gcj - OpenOffice.orgs Java libraries (native for use with GIJ)
 openoffice.org-gnome - GNOME Integration for OpenOffice.org (VFS, GConf)
 openoffice.org-gtk - GTK+ Integration for OpenOffice.org (Widgets, Dialogs, Quickstart
 openoffice.org-headless - Headless VCL plugin for OpenOffice.org
 openoffice.org-impress - OpenOffice.org office suite - presentation
 openoffice.org-java-common - OpenOffice.org office suite Java support arch. independent files
 openoffice.org-kde - KDE Integration for OpenOffice.org (Widgets, Dialogs, Addressbook
 openoffice.org-l10n-in - Indic language packages for OpenOffice.org
 openoffice.org-l10n-za - South African language packages for OpenOffice.org
 openoffice.org-math - OpenOffice.org office suite - equation editor
 openoffice.org-officebean - OpenOffice.org Office Bean
 openoffice.org-ogltrans - OpenOffice.org "OpenGL rendered transitions" extension
 openoffice.org-presentation-minimizer - OpenOffice.org Presentation Minimizer extension
 openoffice.org-qa-api-tests - OpenOffice.org API Test Data
 openoffice.org-qa-tools - OpenOffice.org Automatic Test Programs
 openoffice.org-report-builder - OpenOffice.org Report Builder extension
 openoffice.org-sdbc-postgresql - PostgreSQL SDBC driver for OpenOffice.org
 openoffice.org-style-andromeda - Default symbol style for OpenOffice.org
 openoffice.org-style-crystal - Crystal symbol style for OpenOffice.org
 openoffice.org-style-hicontrast - Hicontrast symbol style for OpenOffice.org
 openoffice.org-style-human - Human symbol style for OpenOffice.org
 openoffice.org-style-industrial - Industrial symbol style for OpenOffice.org
 openoffice.org-style-tango - Tango symbol style for OpenOffice.org
 openoffice.org-writer - OpenOffice.org office suite - word processor
 python-uno - Python interface for OpenOffice.org
 ttf-opensymbol - The OpenSymbol TrueType font
 ure        - UNO runtime environment
 ure-dbg    - UNO runtime environment -- debug symbols
Changes: 
 openoffice.org (1:2.4.1-1ubuntu2.5) hardy-security; urgency=low
 .
   * SECURITY UPDATE: multiple OpenOffice.org vulnerabilities.
     - ooo-build/patches/src680/workspace.impress197.diff: buffer overflow
       fixes from upstream, patch thanks to Rene Engelhard (CVE-2010-2935,
       CVE-2010-2936).
     - ooo-build/patches/src680/tread-invalid-path-segments-correctly.diff:
       directory traversal fixes from upstream, patch thanks to Rene Engelhard
       (CVE-2010-3450).
     - ooo-build/patches/src680/cws-hb22.diff: multiple fix from upstream,
       patch thanks to Rene Engelhard.
       - corrupt table model in RTF parser (CVE-2010-3451)
       - SwRTFParser::ReadNumSecLevel (CVE-2010-3452)
       - WW8ListManager::WW8ListManager (CVE-2010-3453)
       - WW8DopTypography::ReadFromMem (CVE-2010-3454)
       - LD_LIBRARY_PATH current directory injection (CVE-2010-3689)
     - ooo-build/patches/src680/security-fixes-from-cws-os145.diff: heap
       overflow in PPT fix from upstream, patch thanks to Rene Engelhard
       (CVE-2010-4253).
     - ooo-build/patches/src680/security-fixes-from-cws-impress208.diff:
       heap overflow in TGA fix from upstream, patch thanks to Rene
       Engelhard (CVE-2010-4643).
Files: 
 54a05090a92dd56aaaae3de41662b766 5973 editors optional openoffice.org_2.4.1-1ubuntu2.5.dsc
 0847bee2a992b16f2ba8acf7c631cf8e 95670575 editors optional openoffice.org_2.4.1-1ubuntu2.5.diff.gz
Original-Maintainer: Debian OpenOffice Team <debian-openoffice at lists.debian.org>

More information about the Hardy-changes mailing list