[openoffice.org] [CVE-2007-4575] Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)
Bug #174112 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
hsqldb (Gentoo Linux) | Fix Released | Medium | |
openoffice.org (Gentoo Linux) | Fix Released | High | |
openoffice.org (Ubuntu) | Fix Released | Critical | Unassigned |
Dapper | Fix Released | Critical | Kees Cook |
Edgy | Won't Fix | Critical | Kees Cook |
Feisty | Fix Released | Critical | Kees Cook |
Gutsy | Fix Released | Critical | Kees Cook |

Bug Description
Binary package hint: openoffice.org
References:
http://
Quoting:
"A security vulnerability in HSQLDB, the default database engine shipped with OpenOffice.org 2 (all versions), may allow attackers to execute arbitrary static Java code, by manipulating database documents to be opened by a user."
CVE References
Changed in openoffice.org:
assignee: nobody → ccheney
importance: Undecided → Critical
status: New → Confirmed
Changed in openoffice.org:
status: Confirmed → In Progress
Changed in hsqldb:
status: Unknown → Fix Released
Changed in openoffice.org:
status: Unknown → Fix Released
Changed in openoffice.org:
assignee: ccheney → nobody
status: In Progress → Fix Released
assignee: nobody → ccheney
importance: Undecided → Critical
status: New → In Progress
assignee: nobody → ccheney
importance: Undecided → Critical
status: New → In Progress
assignee: nobody → ccheney
importance: Undecided → Critical
status: New → In Progress
assignee: nobody → ccheney
importance: Undecided → Critical
status: New → In Progress
Changed in openoffice.org (Gentoo Linux):
importance: Unknown → High
Changed in hsqldb (Gentoo Linux):
importance: Unknown → Medium
I'm sorry I didn't respond to this bug earlier. I am working with the hsqldb author on a fix that won't require any changes to the openoffice.org codebase which allows us to not have to push as much data out. Hopefully this will be rolled out by the end of the week.
Thanks,
Chris Cheney