Fedora 12: 2010-3175 Urgent: LibreOffice Buffer Overflow Vulnerability

September 4, 2009

Fedora has issued a security advisory on critical vulnerabilities in OpenOffice.org, urging users to update affected packages to protect their data and systems.
CVE-2009-0200/CVE-2009-0201: Harden .doc table insert/delete record import handling.

Summary

OpenOffice.org is an Open Source, community-developed, multi-platform
office productivity suite. It includes the key desktop applications,
such as a word processor, spreadsheet, presentation manager, formula
editor and drawing program, with a user interface and feature set
similar to other office suites. Sophisticated and flexible,
OpenOffice.org also works transparently with a variety of file
formats, including Microsoft Office.

Usage: Simply type "ooffice" to run OpenOffice.org or select the
requested component (Writer, Calc, Impress, etc.) from your
desktop menu. On first start a few files will be installed in the
user's home, if necessary.

CVE-2009-0200/CVE-2009-0201: Harden .doc table insert/delete record import
handling.

Change Log

* Wed Sep 2 2009 Caolán McNamara - 1:3.0.1-15.6
- Resolves: rhbz#520772 copy/paste cockup

* Mon Aug 31 2009 Caolán McNamara - 1:3.0.1-15.5
- Resolves: CVE-2009-0200/CVE-2009-0201
- Resolves: rhbz#499474 soffice and .recently-used.xbel
- Resolves: rhbz#504419 openoffice.org-3.1.0.ooo102566.sc.less.frenetic.progress.patch
- Resolves: rhbz#506039 workspace.pdfextfix02.patch upsidedown images in pdf import
- Resolves: rhbz#514683 add openoffice.org-3.1.1.ooo104329.dbaccess.primarykeys.patch
- make the last three patches applicable
- Resolves: rbhz#501141 Images and Frames disappear in sequential printing

* Fri May 1 2009 Caolán McNamara - 1:3.0.1-15.4
- Resolves: rhbz#494643 EMF polypolygons issue
- Resolves: rhbz#495840 openoffice.org-3.1.0.ooo101145.vcl.safe.dpi.patch
- Resolves: rhbz#496315 openoffice.org-3.0.1.oooXXXXX.sfx2.badexception.patch
- Resolves: rhbz#484177 openoffice.org-3.1.0.ooo101354.filter.xhtml.do-not-label-list-headers.patch
- Resolves: rhbz#491159 openoffice.org-3.1.0.ooo101379.vcl.qstart.SM.patch
- Resolves: rhbz#497882 implement audio/visual looping stub

* Mon Mar 9 2009 Caolán McNamara - 1:3.0.1-15.3
- Resolves: rhbz#483223 openoffice.org-3.0.1.ooo98649.svtools.missingUI.patch
- Resolves: rhbz#483931 openoffice.org-3.0.1.ooo98885.sw.safeindex.patch
- Resolves: rhbz#484604 crash in glyph substitution
- add workspace.xmergeclean.patch to ensure xmerge functions with all
  jaxp implementations
- Resolves: rhbz#486362 add openoffice.org-3.1.0.ooo99427.sd.ensure-icons-state.patch
- Resolves: rhbz#486807 add openoffice.org-3.1.0.ooo99526.sw.mailmergeup.outofrange.patch
- Resolves: rhbz#486934 add openoffice.org-3.1.0.ooo99529.sw.notrailingnewline.patch
- add openoffice.org-3.1.0.ooo99541.sw.reopen.flat.addrbooks.patch

* Tue Jan 20 2009 Caolán McNamara - 1:3.0.1-15.2
- Resolves: rhbz#479624 add
  openoffice.org-3.0.1.ooo98024.vcl.emboldenoverlap.patch
- Resolves: rhbz#480121 add
  openoffice.org-3.1.0.ooo98137.filter.redeclared-variables.patch
- Resolves: rhbz#480362
  openoffice.org-3.0.1.ooo98240.sc.basicworkaround.patch
- Resolves: rhbz#480057 add
  openoffice.org-3.0.1.ooo98288.ucb.neonchange.patch

* Mon Jan 12 2009 Caolán McNamara - 1:3.0.1-15.1
- Resolves: rhbz#470302 g_file_input_stream_query_info doesn't do anything
  remotely
- Resolves: rhbz#471485 openoffice.org-3.0.0.ooo96203.sfx2.3layer-qstart.patch
- Resolves: rhbz#471724 own the share dir too
- Resolves: rhbz#471103 improve font-settings
- Resolves: ooo#96279 mediawiki proxies problem
- add openoffice.org-3.0.0.ooo96391.sw.prefsalwaysmodified.patch
- Resolves: rhbz#474058 messy patch
- add workspace.impress161.patch
- rhbz#474719 add libXinerama-devel BuildRequires
- Resolves: rhbz#474961 wrong impress accelerators add
  openoffice.org-3.0.1.ooo97088.sd.accel-fallback.patch
- Resolves: rhbz#475154 UI Language override doesn't affect system dialogs
  openoffice.org-3.0.1.ooo97064.fpicker.honour-uilang-override.patch
- Resolves: rhbz#475795 same fallbacks for printing as screen
  workspace.vcl97.patch
- Resolves: rhbz#475007 openoffice.org-3.0.1.ooo97196.vcl.ensuretheme.whenqttesting.patch
- add workspace.vcl98.patch
- Resolves: rhbz#477016 playing video under full-screen presentation went away
- Resolves: rhbz#474719 openoffice.org-3.0.1.ooo97428.config_office.xinerama-on-x86_64.patch
- Resolves: rhbz#477880 add openoffice.org-3.0.1.ooo97975.bridges.mainalreadyexited.patch

References

[ 1 ] Bug #500993 - CVE-2009-0200 OpenOffice.org Word document Integer Underflow
      https://bugzilla.redhat.com/show_bug.cgi?id=500993
[ 2 ] Bug #502194 - CVE-2009-0201 OpenOffice.org Word document buffer overflow
      https://bugzilla.redhat.com/show_bug.cgi?id=502194

Update Instructions

su -c 'yum update openoffice.org' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
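
A post-update check to go with the instructions above, added here as an example and not part of the Fedora advisory: it flags packages older than the fixed build 1:3.0.1-15.6.fc10 named on this page, using a simplified form of RPM's epoch/version/release ordering. The package names and versions in the sample are constructed, and the input format assumes the output of `rpm -qa --qf '%{NAME} %{EPOCH}:%{VERSION}-%{RELEASE}\n'`.

```python
import re

# Fixed build from this advisory: epoch 1, version 3.0.1, release 15.6.fc10.
FIXED_EVR = "1:3.0.1-15.6.fc10"
_SEG = re.compile(r"\d+|[A-Za-z]+")

def label_cmp(a, b):
    """Simplified rpmvercmp: compare digit/letter segments; no ~ or ^ handling."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 15.10 is newer than 15.6
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def parse_evr(evr):
    """Split 'epoch:version-release'; a missing or '(none)' epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return (int(epoch) if epoch.isdigit() else 0), version, release

def evr_cmp(a, b):
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1          # epoch overrides version and release
    return label_cmp(va, vb) or label_cmp(ra, rb)

def unpatched(lines, fixed=FIXED_EVR):
    """Return (name, evr) pairs that sort older than the fixed build."""
    found = []
    for line in lines:
        name, evr = line.split()
        if evr_cmp(evr, fixed) < 0:
            found.append((name, evr))
    return found

# Constructed sample of the rpm query output described in the lead-in.
SAMPLE = [
    "openoffice.org-core 1:3.0.1-15.4.fc10",
    "openoffice.org-writer 1:3.0.1-15.6.fc10",
    "openoffice.org-calc (none):3.1.0-2.fc10",
    "openoffice.org-impress 1:3.0.1-15.10.fc10",
]

if __name__ == "__main__":
    for name, evr in unpatched(SAMPLE):
        print(f"{name} {evr} is older than {FIXED_EVR}")
```

The third sample line shows why the epoch matters: a higher version number with no epoch still sorts below the fixed build.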

Fedora-package-announce mailing list
Fedora-package-announce@redhat.com
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Severity: critical

Product: Fedora 10
Version: 3.0.1
Release: 15.6.fc10
Summary: OpenOffice.org comprehensive office suite.
