Binary package hint: openoffice.org
Openoffice in the dell-mini (8.04.1) is in version 2.4.1-1ubuntu2. This is affected by several vulnerabilities (see below), fixed in version 2.4.1-1ubuntu2.1 (stock hardy). This update should be applied to the dell-mini too.
openoffice.org (1:2.4.1-1ubuntu2.1) hardy-security; urgency=low
* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
code execution when processing crafted WMF files
- patches/src680/cws-sjfixes06.diff: fix integer overflows in
wmf/winwmf.cxx.
- http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/winwmf.cxx?r1=1.36&r2=1.36.114.1&view=patch
- CVE-2008-2237
* SECURITY UPDATE: heap-based buffer overflows which may lead to arbitrary
code execution when processing crafted EMF files
- patches/src680/cws-sjfixes09.diff: fix multiple parser flaws in
wmf/enhwmf.cxx.
- http://util.openoffice.org/source/browse/util/svtools/source/filter.vcl/wmf/enhwmf.cxx?r1=1.39&r2=1.39.114.1&view=patch
- CVE-2008-2238
* SECURITY UPDATE: symlink attack in senddoc which may lead to overwriting
arbitrary files
- debian/rules: remove leftover debugging echos in senddoc. Patch from
Debian
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496361
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=497618
- CVE-2008-4937
Why has this bug being marked invalid? As far as I know the version in the mini is just as affected by those bugs as mainstream hardy.
It would be appreciated if when bugs are marked invalid an explanation would be given accordingly for the rest of the users here.