Date: Thu, 21 Jul 2016 18:04:14 +0000 (UTC) From: Don Lewis <truckman@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r418884 - head/security/vuxml Message-ID: <201607211804.u6LI4ErW072062@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: truckman Date: Thu Jul 21 18:04:14 2016 New Revision: 418884 URL: https://svnweb.freebsd.org/changeset/ports/418884 Log: Apache OpenOffice CVE-2016-1513 Memory Corruption Vulnerability (Impress Presentations) Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Jul 21 17:47:02 2016 (r418883) +++ head/security/vuxml/vuln.xml Thu Jul 21 18:04:14 2016 (r418884) @@ -58,6 +58,44 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="72f71e26-4f69-11e6-ac37-ac9e174be3af"> + <topic>Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)</topic> + <affects> + <package> + <name>apache-openoffice</name> + <range><lt>4.1.2_8</lt></range> + </package> + <package> + <name>apache-openoffice-devel</name> + <range><lt>4.2.1753426,4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>The Apache OpenOffice Project reports:</p> + <blockquote cite="http://www.openoffice.org/security/cves/CVE-2016-1513.html">; + <p>An OpenDocument Presentation .ODP or Presentation Template + .OTP file can contain invalid presentation elements that lead + to memory corruption when the document is loaded in Apache + OpenOffice Impress. The defect may cause the document to appear + as corrupted and OpenOffice may crash in a recovery-stuck mode + requiring manual intervention. A crafted exploitation of the + defect can allow an attacker to cause denial of service + (memory corruption and application crash) and possible + execution of arbitrary code.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2016-1513</cvename> + <url>http://www.openoffice.org/security/cves/CVE-2015-4551.html</url>; + </references> + <dates> + <discovery>2016-07-17</discovery> + <entry>2016-07-21</entry> + </dates> + </vuln> + <vuln vid="ca5cb202-4f51-11e6-b2ec-b499baebfeaf"> <topic>MySQL -- Multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201607211804.u6LI4ErW072062>