You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by bu...@apache.org on 2016/07/21 01:37:28 UTC

svn commit: r993248 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/ content/security/cves/CVE-2016-1513.html

Author: buildbot
Date: Thu Jul 21 01:37:28 2016
New Revision: 993248

Log:
Staging update by buildbot for ooo-site

Modified:
    websites/staging/ooo-site/trunk/cgi-bin/   (props changed)
    websites/staging/ooo-site/trunk/content/   (props changed)
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2016-1513.html

Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Jul 21 01:37:28 2016
@@ -1 +1 @@
-1753610
+1753625

Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Jul 21 01:37:28 2016
@@ -1 +1 @@
-1753610
+1753625

Modified: websites/staging/ooo-site/trunk/content/security/cves/CVE-2016-1513.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2016-1513.html (original)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2016-1513.html Thu Jul 21 01:37:28 2016
@@ -51,7 +51,7 @@
         </p>
 
         <p>
-          <strong>Summary</strong>
+          <strong>Description</strong>
         </p>
 
         <p>
@@ -88,17 +88,7 @@
           <br /><br />
           A source-code patch that blocks the vulnerability has been developed and is available for developers at <a href="https://bz.apache.org/ooo/show_bug.cgi?id=127045">issue 127045</a>.
           <br /><br />
-          Antivirus can detect documents attempting to exploit this vulnerability by employing Snort Signature IDs 35828-35829.
-        </p>
-
-        <p>
-          <strong>Description</strong>
-        </p>
-
-        <p>
-          An OpenDocument Presentation .ODP or Presentation Template .OTP file can contain invalid presentation elements that lead to memory corruption when the document is loaded in Apache OpenOffice Impress. The defect may cause the document to appear as corrupted. OpenOffice may simply close or crash, possibly in a recovery-stuck mode requiring manual intervention, including removal of any document lock.
-          <br /><br />
-          A crafted exploitation of the vulnerability can allow an attacker to cause denial of service (memory corruption and application crash) and possible execution of arbitrary code.
+          Antivirus products can detect documents attempting to exploit this vulnerability by employing Snort Signature IDs 35828-35829.
         </p>
 
         <p>
@@ -117,27 +107,14 @@
           For .ODP and .OTP files from unknown or suspicious sources, any automatic closing on opening or failing of OpenOffice Impress can be checked by opening the file in an OpenDocument Presentation application that is not vulnerable to the defective document formatting involved in CVE-2016-1513. Current releases of LibreOffice and Microsoft Office PowerPoint (for .ODP files), including PowerPoint Online, are known to avoid the defect. Other ODF-supporting software may be successful. The resulting presentation may appear corrupted or incomplete and need not reflect an actual exploit attempt. Saving the document as a new presentation file will be exploit-free either way.
           <br /><br />
           To report a suspicious document from an external source and for which OpenOffice Impress crashes, preserve the file exactly and report to <a href="mailto:security@openoffice.apache.org">security@openoffice.apache.org</a>. Await further instructions for submission of the file itself. Do not post files having suspected exploits to mailing lists, the issue-reporting system, or any other public location.
-          <br /><br />
-          For additional information and assistance, consult the <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>, or make requests to the <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a> public mailing list. Defects not involving suspected security vulnerabilities can be reported with a normal issue via <a href="http://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>.
         </p>
-
-        <p>
-          <strong>Precautions</strong>
-        </p>
-
+        
         <p>
-          Users who do not upgrade to Apache OpenOffice 4.1.2 should be careful of .DOC files from unknown or unreliable sources. A Microsoft Word 97-2003 .DOC format file can be checked by opening with software, such as Microsoft Office Word or Word Online. The documents may be rejected as corrupted or extraordinary employment of bookmarks may be observable.
-        </p>
-
-         <p>
            <strong>Further Information</strong>
         </p>
-
-        <p>For additional information and assistance, consult the
-           <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>
-           or make requests to the
-           <a href="mailto:users@openofffice.apache.org">users@openofffice.apache.org</a>
-           public mailing list.
+        
+        <p>
+          For additional information and assistance, consult the <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a>, or make requests to the <a href="mailto:users@openoffice.apache.org">users@openoffice.apache.org</a> public mailing list. Defects not involving suspected security vulnerabilities can be reported with a normal issue via <a href="http://www.openoffice.org/qa/issue_handling/pre_submission.html">Bugzilla</a>.
         </p>
 
         <p>