openoffice.org-emailmerge security update fails
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| update-manager (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: update-manager
[I imagine the bug is not in Update Manager, but in the program/script that u-m attempts to run to update the pkg,
but when a bug is in an update itself, and not in u-m or in a already-existing package (and in fact, perhaps not even in the pkg. that u-m is attempting to load/update, then it is not at all clear where to report the bug.
This is the most logical place I could think of to report it.]
-------
Today (2010-06-08) there were a number of openoffice.org [security-?] updates.
the -emailmerge update failed, and reported that openoffice was running and to shut it down.
It was NOT running, and all other openoffice updates completed successfully.
Openoffice was not running, and had not been running since the previous day, at the end of which the computer was shut down.
I attempted this several times (as it remained in the update-manager list of things to do (not having been successful)).
The same result each time.
The following is description of the particular update, in case it is important.
"Changes for the versions:
1:3.1.1-5ubuntu1.1
1:3.1.1-5ubuntu1.2
Version 1:3.1.1-5ubuntu1.2:
* ooo-build/
ooo-
"auto-execution of python code when manually browsing macro names"
- CVE-2010-0395
"
Also, in case it is important, there were also (2?) updates for update-manager itself in the same group of updates,
and hence the update-manager instance running at the time must have been the previous version, as I doubt that it could change horses in midstream... I would include the --version output for o-m, but it probably would be the newly installed one...
I wasn't sure whether to check "This bug is a security vulnerability " or not.
The unsuccessful update was listed as an important security update, and so the lack of successful completion left whatever security issue oo-emailmerge had unresolved, but whether the bug that caused the update to fail (being unable to tell whether oo was running or not) is itself a security vulnerability, seems unlikely. I decided not to check the box. Your mileage may vary.
ProblemType: Bug
Architecture: i386
CheckboxSubmission: f5de0c2ab8de986
CheckboxSystem: daed2f3d6643b4a
Date: Tue Jun 8 19:10:28 2010
DistroRelease: Ubuntu 9.10
ExecutablePath: /usr/bin/
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release i386 (20091028.5)
InterpreterPath: /usr/bin/python2.6
Package: update-manager 1:0.126.10
PackageArchitec
ProcEnviron:
LANG=en_US.UTF-8
SHELL=/bin/bash
ProcVersionSign
SourcePackage: update-manager
Uname: Linux 2.6.31-22-generic i686
| Scott Cowles Jacobs (scott092707) wrote | #1 |
| Scott Cowles Jacobs (scott092707) wrote | #2 |
| Maarten Bezemer (veger) wrote | #3 |
| Changed in update-manager (Ubuntu): | |
| status: | New → Invalid |
My mistake. Quickstart WAS active. I noticed a strange icon in the notification area (near the volume control et al.), and when I hovered the mouse pointer over it it announced that it was OpenOffice Quickstarter 3.1.
My understanding was that Quickstart was only active after one had used OpenOffice, and then closed it - it would then start quickly the next time in the same session.
There is apparently a way to have it survive reboots, and that option was active.
I selected the option to close Quickstart, and the OpenOffice-
Sorry for the inconvenience.
[I have also announced this Mea Culpa where I also reported this bug (I finally noticed the "bug" was manifesting in a Debconf window) in Debconf, (Bug #593128)]