Posted to commits@openoffice.apache.org by bu...@apache.org on 2012/08/27 22:45:48 UTC

svn commit: r830297 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/ content/security/bulletin.html content/security/cves/CVE-2012-2665.html

Author: buildbot
Date: Mon Aug 27 20:45:48 2012
New Revision: 830297

Log:
Staging update by buildbot for openofficeorg

Added:
    websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2665.html
Modified:
    websites/staging/ooo-site/trunk/cgi-bin/   (props changed)
    websites/staging/ooo-site/trunk/content/   (props changed)
    websites/staging/ooo-site/trunk/content/security/bulletin.html

Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Aug 27 20:45:48 2012
@@ -1 +1 @@
-1377844
+1377848

Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Mon Aug 27 20:45:48 2012
@@ -1 +1 @@
-1377844
+1377848

Modified: websites/staging/ooo-site/trunk/content/security/bulletin.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/bulletin.html (original)
+++ websites/staging/ooo-site/trunk/content/security/bulletin.html Mon Aug 27 20:45:48 2012
@@ -33,7 +33,12 @@
 
   <p><strong>If you want to stay up to date on OpenOffice.org security announcements, please subscribe to our <a href="alerts.html">security-alerts mailing list</a>.</strong></p>
 
-  <h3>Fixed in Apache OpenOffice 3.4</h3>
+ <h3>Fixed in Apache OpenOffice 3.4.1</h3>
+<ul>
+<li><a href="cves/CVE-2012-2665.html">CVE-2012-2665</a>: Manifest-processing errors in Apache OpenOffice 3.4.0</li>
+</ul>
+
+  <h3>Fixed in Apache OpenOffice 3.4.0</h3>
 <ul>
 <li><a href="cves/CVE-2012-1149.html">CVE-2012-1149</a>: OpenOffice.org integer overflow error in vclmi.dll module when allocating 
   memory for an embedded image object</li>
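
Review bot: The added `<h3>Fixed in Apache OpenOffice 3.4.1</h3>` line is indented by one space, while the `<h3>Fixed in Apache OpenOffice 3.4.0</h3>` line added just below it uses two spaces, as the removed heading did; indent the new heading by two spaces so both section headings line up.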

Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2665.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2665.html (added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-2665.html Mon Aug 27 20:45:48 2012
@@ -0,0 +1,76 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+  <title>CVE-2012-2665</title>
+  <style type="text/css"></style>
+
+<!--#include virtual="/google-analytics.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+  <div id="topbara">
+    <!--#include virtual="/topnav.html" -->
+    <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a href="/security/">security</a>&nbsp;&raquo;&nbsp;<a href="/security/cves/">cves</a></div>
+  </div>
+  <div id="clear"></div>
+  
+  
+  <div id="content">
+    
+    
+    
+  <h2><a 
+      href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2149">CVE-2012-2665</a></h2>
+
+  <h3> Manifest-processing errors in Apache OpenOffice 3.4.0 
+  </h3>
+
+    <ul>   
+    
+        <h4>Severity: Important</h4>
+
+        <h4>Vendor: The Apache Software Foundation</h4>
+        
+        <h4>Versions Affected:</h4>
+                                 <ul>
+                                     <li>Apache OpenOffice 3.4.0, all languages, 
+                                         all platforms.</li>
+                                     <li>Earlier versions of OpenOffice.org may 
+                                         be also affected.</li>
+                                 </ul>
+            
+
+<h4>Description:</h4>
+<p> Description: When OpenOffice reads an ODF document, it first loads and 
+    processes an XML stream within the file called the manifest.  Apache 
+    OpenOffice 3.4.0 has logic errors that allows a carefully crafted manifest 
+    to cause reads and writes beyond allocated buffers.</p>
+        <p>
+        No specific exploit has been demonstrated 
+    in this case, though such flaws generally are conducive to exploitation, 
+    possibly including denial of service and elevation of privilege.
+    </p> 
+
+        <h4>Mitigation</h4>
+        <p>OpenOffice users are advised to <a 
+href="http://www.openoffice.org/download">upgrade to Apache OpenOffice 
+3.4.1</a>. Users who are unable 
+to upgrade immediately should exercise caution when opening untrusted ODF 
+documents.</p>
+
+<h4>Credits</h4>
+
+<p>The Apache OpenOffice Security Team acknowledges Timo Warns of PRESENSE 
+    Technologies GmbH as the discoverer of these flaws.</p>
+
+  <hr />
+
+  <p><a href="http://security.openoffice.org">Security Home</a> -&gt; <a href="../bulletin.html">Bulletin</a> -&gt; 
+  <a href="CVE-2012-2665.html">CVE-2012-2665</a></p>
+
+  </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>
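
Review bot: The heading link's href, `http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2149`, names a different identifier than the link text and page title, CVE-2012-2665, so a reader following it will not land on this advisory's CVE record; change the query string to match CVE-2012-2665. In the same file, the `<ul>` opened just before `<h4>Severity: Important</h4>` is never closed and holds `<h4>`, `<p>` and `<hr />` children directly instead of `<li>` items; either drop that wrapper or close it and use list items. The description paragraph also repeats "Description:" immediately after the `<h4>Description:</h4>` heading, and "logic errors that allows" should read "logic errors that allow".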