incubator-ooo-commits mailing list archives

From build...@apache.org
Subject svn commit: r817923 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/ content/security/cves/CVE-2012-1149.html content/security/cves/CVE-2012-2149.html content/security/cves/CVE-2012-2334.html
Date Wed, 16 May 2012 13:41:06 GMT
Author: buildbot
Date: Wed May 16 13:41:06 2012
New Revision: 817923

Log:
Staging update by buildbot for openofficeorg

Added:
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html
Modified:
    websites/staging/ooo-site/trunk/cgi-bin/   (props changed)
    websites/staging/ooo-site/trunk/content/   (props changed)

Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed May 16 13:41:06 2012
@@ -1 +1 @@
-1339073
+1339161

Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Wed May 16 13:41:06 2012
@@ -1 +1 @@
-1339073
+1339161

Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html (added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-1149.html Wed May 16 13:41:06
2012
@@ -0,0 +1,71 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+
+  <title>CVE-2012-1149</title>
+  <style type="text/css"></style>
+
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+  <div id="topbara">
+    <!--#include virtual="/topnav.html" -->
+    <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a
href="/security/">security</a>&nbsp;&raquo;&nbsp;<a href="/security/cves/">cves</a></div>
+  </div>
+  <div id="clear"></div>
+  
+  
+  <div id="content">
+    
+    
+    
+  <h2><a 
+      href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-1149">CVE-2012-1149</a></h2>
+
+  <h3>
+  OpenOffice.org integer overflow error in vclmi.dll module when allocating 
+  memory for an embedded image object
+  </h3>
+
+    <ul>   
+    
+        <h4>Severity: Important</h4>
+
+        <h4>Vendor: The Apache Software Foundation</h4>
+        
+        <h4>Versions Affected:</h4>
+                                 <ul>
+                                     <li>OpenOffice.org 3.3 and 3.4 Beta, on all platforms.</li>
+                                     <li>Earlier versions may be also affected.</li>
+                                 </ul>
+            
+
+<h4>Description:</h4>
+<p> The vulnerability is caused due to an integer overflow error in the 
+vclmi.dll module when allocating memory for an embedded image object. This can 
+be exploited to cause a heap-based buffer overflow via, for example using a 
+specially crafted JPEG object within a DOC file.</p> 
+
+        <h4>Mitigation</h4>
+        <p>OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a 
+href="http://download.openoffice.org">upgrade to Apache OpenOffice 3.4<a/>. Users
who are unable to upgrade immediately 
+should be cautious when opening untrusted documents.</p>
+
+<h4>Credits</h4>
+
+<p>The Apache OpenOffice Security Team credits Tielei Wang via Secunia SVCRP as 
+    the discoverer of this flaw.</p>
+
+  <hr />
+
+  <p><a href="http://security.openoffice.org">Security Home</a> -&gt;
<a href="../bulletin.html">Bulletin</a> -&gt; 
+  <a href="CVE-2012-1149.html">CVE-2012-1149</a></p>
+
+  </div>
+
+<!--#include virtual="/footer.html" -->
+
+</body>
+</html>
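
Review bot: The Mitigation link in CVE-2012-1149.html ends with `<a/>` ("upgrade to Apache OpenOffice 3.4<a/>"), which HTML parsers read as another opening tag rather than a close, so the anchor is never properly terminated; change it to `</a>`. The `<ul>` opened just before "Severity: Important" has `<h4>` elements as direct children and is not closed before `</div>`; either remove it or close it and wrap the entries in `<li>`. The title and Description name vclmi.dll, a Windows module file name, while Versions Affected says "on all platforms"; name the component in a platform-neutral way or say which platforms load the affected code. In the Description, "via, for example using a specially crafted JPEG object" merges two phrasings and should be reduced to one.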

Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html (added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2149.html Wed May 16 13:41:06
2012
@@ -0,0 +1,68 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+
+  <title>CVE-2012-2149</title>
+  <style type="text/css"></style>
+
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+  <div id="topbara">
+    <!--#include virtual="/topnav.html" -->
+    <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a
href="/security/">security</a>&nbsp;&raquo;&nbsp;<a href="/security/cves/">cves</a></div>
+  </div>
+  <div id="clear"></div>
+  
+  
+  <div id="content">
+    
+    
+    
+  <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2149">CVE-2012-2149</a></h2>
+
+  <h3>
+  OpenOffice.org memory overwrite vulnerability
+  </h3>
+
+    <ul>   
+    
+        <h4>Severity: Important</h4>
+
+        <h4>Vendor: The Apache Software Foundation</h4>
+        
+        <h4>Versions Affected:</h4>
+                                 <ul>
+                                     <li>OpenOffice.org 3.3 and 3.4 Beta, on all platforms.</li>
+                                     <li>Earlier versions may be also affected.</li>
+                                 </ul>
+            
+
+<h4>Description:</h4>
+<p>
+Description: Effected versions of OpenOffice.org use a customized libwpd that has an memory
overwrite vulnerability that could be exploited by
+a specially crafted Wordperfect WPD-format document, potentially leading to arbitrary-code
execution at application user privilege level.</p>
+
+        <h4>Mitigation</h4>
+        <p>OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a 
+href="http://download.openoffice.org">upgrade to Apache OpenOffice 3.4</a>, where

+WPD files are ignored. Users who are unable to upgrade immediately should be 
+cautious when oppening untrusted WPD documents.</p>
+
+<h4>Credits</h4>
+
+<p>The Apache OpenOffice Security Team acknowledges Kestutis Gudinavicius of SEC Consult
Unternehmensberatung GmbH as the discoverer of this flaw.</p>
+
+  <hr />
+
+  <p><a href="http://security.openoffice.org">Security Home</a> -&gt;
<a href="../bulletin.html">Bulletin</a> -&gt; 
+  <a href="CVE-2012-2149.html">CVE-2012-2149</a></p>
+
+  </div>
+
+<!--#include virtual="/footer.html" -->
+
+</body>
+</html>
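
Review bot: The Description paragraph in CVE-2012-2149.html repeats its own label ("Description: Effected versions of OpenOffice.org ...") directly under the `<h4>Description:</h4>` heading; drop the duplicate label and fix "Effected" to "Affected" and "an memory" to "a memory", plus "oppening" in the Mitigation paragraph. The Mitigation says that in 3.4 "WPD files are ignored" without saying whether WPD import was removed or only disabled; state that explicitly so users who rely on WordPerfect import know what the upgrade changes. As in the other advisory pages, the `<ul>` opened before "Severity: Important" holds `<h4>` children directly and is never closed.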

Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html (added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2334.html Wed May 16 13:41:06
2012
@@ -0,0 +1,65 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+
+    <title>CVE-2012-2334</title>
+    <style type="text/css">
+    </style>
+
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+  <div id="topbara">
+    <!--#include virtual="/topnav.html" -->
+    <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a
href="/security/">security</a>&nbsp;&raquo;&nbsp;<a href="/security/cves/">cves</a></div>
+  </div>
+  <div id="clear"></div>
+  
+  
+  <div id="content">
+    
+    
+    
+<h2><a
+href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2334">CVE-2012-2334</a></h2>
<h3>Vulnerabilities related to 
+malformed Powerpoint files in OpenOffice.org 3.3.0</h3>
+<ul>
+    <h4>Severity: Important</h4> <h4>Vendor: The Apache Software Foundation</h4>
<h4>Versions Affected:</h4>
+    <ul>
+        <li>
+            OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
+        </li>
+        <li>
+            Earlier versions may be also affected.
+        </li>
+    </ul>
+    <h4>Description:</h4>
+    <p>
+    A review of the code in filter/source/msfilter msdffimp.cxx revealed some unchecked memory
allocations, which could be 
+    exploited via malformed Powerpoint graphics records ("escher") to cause bad_alloc exceptions.
From this vulnerability a 
+    denial of service attack is possible.
+    </p>
+    <h4>Mitigation</h4>
+    <p>
+    OpenOffice.org 3.3.0 and 3.4 beta users are advised to <a
+    href="http://download.openoffice.org">upgrade to Apache OpenOffice 3.4<a/>.
Users who are unable to upgrade immediately 
+    should be cautious when opening untrusted documents.
+    </p>
+    <h4>Credits</h4>
+    <p>
+    The Apache OpenOffice Security Team credits Sven Jacobias as the discoverer 
+    of this flaw.
+    </p>
+    <hr />
+    <p>
+    <a href="http://security.openoffice.org">Security Home</a> -&gt; <a
href="../bulletin.html">Bulletin</a> -&gt; <a href="CVE-2012-2334.html">CVE-2012-2334</a>
+    </p>
+
+  </div>
+
+<!--#include virtual="/footer.html" -->
+
+</body>
+</html>
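
Review bot: The `<h3>` title in CVE-2012-2334.html limits the issue to "OpenOffice.org 3.3.0" while Versions Affected lists "OpenOffice.org 3.3 and 3.4 Beta" and says earlier versions may be affected; make the title match the affected range or drop the version from it. The Mitigation link again closes with `<a/>` instead of `</a>`, and the `<ul>` opened after the `<h3>` is never closed before `</div>`. In the Description, "filter/source/msfilter msdffimp.cxx" is missing the path separator before the file name, and it would help readers to say that the bad_alloc exceptions come from allocation sizes taken from the file without validation, if that is what the review found.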


