CAN-2005-0941: "OpenOffice DOC document Heap Overflow"

Automatically imported from Debian bug report #304412 http://bugs.debian.org/304412

Message-ID: <email address hidden>
Date: Wed, 13 Apr 2005 00:38:16 +0200
From: Rene Engelhard <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: CAN-2005-0941: "OpenOffice DOC document Heap Overflow"

--cWoXeonUoKmBZSoM
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Package: openoffice.org
Version: 1.1.3-8
Severity: grave
Justification: user security hole
Tags: sarge sid experimental pending

=66rom full-disclosure (http://archives.neohapsis.com/archives/fulldisclosu=
re/2005-04/0218.html):

OpenOffice DOC document Heap Overflow
[Security Advisory]

Advisory:[AD_LAB-05001] OpenOffice DOC document Heap Overflow
Class: Design Error
DATE:30/3/2005
CVEID:CAN-2005-0941
Vulnerable:
    <=3DOpenOffice OpenOffice 1.1.4
    -OpenOffice OpenOffice 2.0dev

Unvulnerable:
    Unknow
Vendor:
     www.openoffice.org

I.DESCRIPTION:
- -------------
     OpenOffice.org is an office productivity suite, including word
processing, spreadsheets, presentations, drawings, data charting,
formula editing, and file conversion facilities.
The vulnerability is caused due to a error within the .Doc document header
processing.This can be exploited to cause a heap-based buffer overflow.=20
[...]

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (990, 'unstable'), (400, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-k7
Locale: LANG=3Dde_DE@euro, LC_CTYPE=3Dde_DE@euro (charmap=3DISO-8859-15)

Versions of packages openoffice.org depends on:
ii dictionaries-common [openoffi 0.25.4 Common utilities for spelling =
dict
ii openoffice.org-bin 1.1.3-8 OpenOffice.org office suite bi=
nary
ii openoffice.org-debian-files 1.1.3-8+1 Debian specific parts of OpenO=
ffic
ii openoffice.org-l10n-de [openo 1.1.3-8 German language package for Op=
enOf
ii openoffice.org-l10n-en [openo 1.1.3-8 English (US) language package =
for=20
ii ttf-opensymbol 1.1.3-8 The OpenSymbol TrueType font
ii xml-core 0.09 XML infrastructure and XML cat=
alog

-- no debconf information

--cWoXeonUoKmBZSoM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCXE3Y+FmQsCSK63MRAhJIAJ9RvzELacwAKTI4SaAJnoKRbc46FgCfT2cS
T82ElwiAVBKKHvwDTvgTggA=
=//v+
-----END PGP SIGNATURE-----

--cWoXeonUoKmBZSoM--

Message-Id: <20050412231331.838056A1F0@localhost>
Date: Wed, 13 Apr 2005 01:13:31 +0200 (CEST)
From: <email address hidden> (Rene Engelhard)
To: <email address hidden>
Subject: tagging 304412,
 bug 304412 is forwarded to http://wwww.openoffice.org/issues/show_bug.cgi?id=46388

tags 304412 + security
forwarded 304412 http://wwww.openoffice.org/issues/show_bug.cgi?id=46388

Message-Id: <20050413101619.5BBA66A1F0@localhost>
Date: Wed, 13 Apr 2005 12:16:19 +0200 (CEST)
From: <email address hidden> (Rene Engelhard)
To: <email address hidden>
Subject: bug 304412 is forwarded to http://www.openoffice.org/issues/show_bug.cgi?id=46388

forwarded 304412 http://www.openoffice.org/issues/show_bug.cgi?id=46388

Message-Id: <email address hidden>
Date: Wed, 13 Apr 2005 14:12:24 +0100
From: Chris Halls <email address hidden>
To: <email address hidden>
Subject: merging 304412 304469

forwarded 304469 http://www.openoffice.org/issues/show_bug.cgi?id=46388
merge 304412 304469
thanks

*** Bug 15461 has been marked as a duplicate of this bug. ***

Message-Id: <20050414111657.990AC6A1FA@localhost>
Date: Thu, 14 Apr 2005 13:16:57 +0200 (CEST)
From: <email address hidden> (Rene Engelhard)
To: <email address hidden>
Subject: tagging 304412

 # fixed for sid (1.1.3-9)
tags 304412 - sid

Message-Id: <20050417175353.B96C36A292@localhost>
Date: Sun, 17 Apr 2005 19:53:53 +0200 (CEST)
From: <email address hidden> (Rene Engelhard)
To: <email address hidden>
Subject: tagging 304412

 # fixed for experimental (1.1.4-2)
tags 304412 - experimental

Message-Id: <20050417175406.E34D56A292@localhost>
Date: Sun, 17 Apr 2005 19:54:06 +0200 (CEST)
From: <email address hidden> (Rene Engelhard)
To: <email address hidden>
Subject: tagging 304412

 # uploaded to sid/experimental, so not "pending upload" anymore
tags 304412 - pending

Message-ID: <email address hidden>
Date: Wed, 20 Apr 2005 02:00:19 -0700
From: Steve Langasek <email address hidden>
To: <email address hidden>
Subject: Re: CAN-2005-0941: "OpenOffice DOC document Heap Overflow"

--eAbsdosE1cNLO4uF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Hi all,

OOo 1.1.3-9 has been built on all architectures now, and (barring any sudden
new uploads of the package between now and dinstall) will make its way into
testing tomorrow.

Cheers,
--=20
Steve Langasek
postmodern programmer

--eAbsdosE1cNLO4uF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCZhoeKN6ufymYLloRAkj1AKDDRrS3uxP+MNkKWIHamrY8LkFp3wCgxDh0
R+KqIRPny5km/MBIUXsI76M=
=DvfO
-----END PGP SIGNATURE-----

--eAbsdosE1cNLO4uF--

fixed in openoffice.org_1.1.3-8ubuntu3