You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by bu...@apache.org on 2014/08/21 17:21:33 UTC
svn commit: r920034 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/
content/brand.html content/index.html content/pt/brand.html
content/security/cves/CVE-2014-3524.html
content/security/cves/CVE-2014-3575.html
Author: buildbot
Date: Thu Aug 21 15:21:32 2014
New Revision: 920034
Log:
Staging update by buildbot for ooo-site
Added:
websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3524.html
websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3575.html
Modified:
websites/staging/ooo-site/trunk/cgi-bin/ (props changed)
websites/staging/ooo-site/trunk/content/ (props changed)
websites/staging/ooo-site/trunk/content/brand.html
websites/staging/ooo-site/trunk/content/index.html
websites/staging/ooo-site/trunk/content/pt/brand.html
Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Aug 21 15:21:32 2014
@@ -1 +1 @@
-1619342
+1619432
Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Aug 21 15:21:32 2014
@@ -1 +1 @@
-1619342
+1619432
Modified: websites/staging/ooo-site/trunk/content/brand.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/brand.html (original)
+++ websites/staging/ooo-site/trunk/content/brand.html Thu Aug 21 15:21:32 2014
@@ -80,4 +80,4 @@
</div>
<div id="bannercenter"><br/>The Free and Open Productivity Suite</div>
</div>
- <div id="announce"><a href="https://blogs.apache.org/OOo/entry/the_apache_openoffice_project_announce" title="New: Apache OpenOffice 4.1.0 released!">New: Apache OpenOffice 4.1.0 released!</a></div>
+ <div id="announce"><a href="https://cwiki.apache.org/confluence/display/OOOUSERS/AOO+4.1.1+Release+Notes" title="New: Apache OpenOffice 4.1.1 released!">New: Apache OpenOffice 4.1.1 released!</a></div>
Modified: websites/staging/ooo-site/trunk/content/index.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/index.html (original)
+++ websites/staging/ooo-site/trunk/content/index.html Thu Aug 21 15:21:32 2014
@@ -183,9 +183,7 @@
-<!-- The text in the H1 tag is intentionally shown as not displayable, just to please accessibility tools like a
-screen reader.
--->
+<!-- The text in the H1 tag is intentionally shown as not displayable, just to please accessibility tools like a screen reader. -->
<h1 style="display: none;">Apache OpenOffice</h1>
<div id="actionstatements">
Modified: websites/staging/ooo-site/trunk/content/pt/brand.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/pt/brand.html (original)
+++ websites/staging/ooo-site/trunk/content/pt/brand.html Thu Aug 21 15:21:32 2014
@@ -80,4 +80,4 @@
</div>
<div id="bannercenter"><br/>O programa de produtividade gratuito e de código aberto</div>
</div>
- <div id="announce"><a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=44996063" title="Leia as notas de lançamento">O novo Apache OpenOffice 4.1.1 já saiu!</a></div>
+ <div id="announce"><a href="https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=44996063" title="Leia as notas de lançamento">O novo Apache OpenOffice 4.1 já saiu!</a></div>
Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3524.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3524.html (added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3524.html Thu Aug 21 15:21:32 2014
@@ -0,0 +1,59 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+ <title>CVE-2014-3524</title>
+ <style type="text/css"></style>
+
+<!--#include virtual="/google-analytics.js" -->
+<!--#include virtual="/scripts/entourage.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a href="/security/">security</a> » <a href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+
+ <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3524">CVE-2014-3524</a></h2>
+
+ <h3>OpenOffice Calc Command Injection Vulnerability</h3>
+
+ <ul>
+ <h4>Severity: Important</h4>
+ <h4>Vendor: The Apache Software Foundation</h4>
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>Apache OpenOffice 4.1.0 and older on Windows.</li>
+ <li>OpenOffice.org versions are also affected.</li>
+ </ul>
+
+ <h4>Description:</h4>
+ <p>The vulnerability allows command injection when loading Calc spreadsheets.
+ Specially crafted documents can be used for command-injection attacks.
+ Further exploits are possible but have not been verified.
+
+ <h4>Mitigation</h4>
+ <p>Apache OpenOffice users are advised to <a href="http://download.openoffice.org">upgrade to Apache OpenOffice 4.1.1</a>.
+ Users who are unable to upgrade immediately should be cautious when opening untrusted documents.
+
+ <h4>Credits</h4>
+ <p>The Apache OpenOffice security team credits Rohan Durve and James Kettle of Context Information Security as the discoverer of this flaw.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org">Security Home</a>
+ -> <a href="http://security.openoffice.org/bulletin.html">Bulletin</a>
+ -> <a href="http://security.openoffice.org/security/cves/CVE-2014-3524.html">CVE-2014-3524</a></p>
+
+ </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>
Added: websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3575.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3575.html (added)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2014-3575.html Thu Aug 21 15:21:32 2014
@@ -0,0 +1,59 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+ <title>CVE-2014-3575</title>
+ <style type="text/css"></style>
+
+<!--#include virtual="/google-analytics.js" -->
+<!--#include virtual="/scripts/entourage.js" -->
+</head>
+<body>
+<!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a href="/security/">security</a> » <a href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+
+ <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3575">CVE-2014-3575</a></h2>
+
+ <h3>OpenOffice Targeted Data Exposure Using Crafted OLE Objects</h3>
+
+ <ul>
+ <h4>Severity: Important</h4>
+ <h4>Vendor: The Apache Software Foundation</h4>
+ <h4>Versions Affected:</h4>
+ <ul>
+ <li>Apache OpenOffice 4.1.0 and older on Windows.</li>
+ <li>OpenOffice.org versions are also affected.</li>
+ </ul>
+
+ <h4>Description:</h4>
+ <p>The exposure exploits the way OLE previews are generated to embed arbitrary
+ file data into a specially crafted document when it is opened. Data exposure is
+ possible if the updated document is distributed to other parties.
+
+ <h4>Mitigation</h4>
+ <p>Apache OpenOffice users are advised to <a href="http://download.openoffice.org">upgrade to Apache OpenOffice 4.1.1</a>.
+ Users who are unable to upgrade immediately should be cautious when they are asked to "Update Links" for untrusted documents.
+
+ <h4>Credits</h4>
+ <p>The Apache OpenOffice security team credits Open-Xchange for reporting this flaw.</p>
+
+ <hr />
+
+ <p><a href="http://security.openoffice.org">Security Home</a>
+ -> <a href="http://security.openoffice.org/bulletin.html">Bulletin</a>
+ -> <a href="http://security.openoffice.org/security/cves/CVE-2014-3575.html">CVE-2014-3575</a></p>
+
+ </div>
+<!--#include virtual="/footer.html" -->
+</body>
+</html>