| Summary: | gnome-chemistry-utils, gnumeric, goffice new security issue CVE-2013-6836 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | cmrisolde, fundawang, makowski.mageia, olav, rverschelde, sysadmin-bugs, tmb |
| Version: | 3 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/580184/ | ||
| Whiteboard: | MGA3-32-OK MGA3-64-OK advisory | ||
| Source RPM: | gnome-chemistry-utils, gnumeric, goffice | CVE: | |
| Status comment: | |||
|
Description
David Walser
2014-01-13 22:13:51 CET
David Walser
2014-01-13 22:14:17 CET
CC:
(none) =>
fundawang, olav
David Walser
2014-01-17 17:26:19 CET
Blocks:
(none) =>
11726 gnome-chemistry-utils updated in mga4, freeze push asked I'm working on update for mga3 CC:
(none) =>
makowski.mageia Thanks. I don't see a freeze push request on the mailing list. gnome-chemistry-utils-0.14.5-2.mga4 uploaded for Cauldron. Thanks Philippe! Version:
Cauldron =>
3 Advisory: ======================== Updated gnome-chemistry-utils,gnumeric and goffice packages that fix one security issue Heap-based buffer overflow in the ms_escher_get_data function in plugins/excel/ms-escher.c in GNOME Office Gnumeric before 1.12.9 allows remote attackers to cause a denial of service (crash) via a crafted xls file with a crafted length value. (CVE-2013-6836) References https://bugzilla.redhat.com/show_bug.cgi?id=1044857 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6836 https://bugs.mageia.org/show_bug.cgi?id=12294 ======================== Updated packages in core/updates_testing: ======================== gnome-chemistry-utils-gnumeric-0.14.5-1.mga3 gnome-chemistry-utils-0.14.5-1.mga3 gchem3d-0.14.5-1.mga3 gchempaint-0.14.5-1.mga3 libgcu0.14_0-0.14.5-1.mga3 gspectrum-0.14.5-1.mga3 libgcrystal0.14_0-0.14.5-1.mga3 gchemtable-0.14.5-1.mga3 gnome-chemistry-utils-goffice-0.14.5-1.mga3 gnome-chemistry-utils-devel-0.14.5-1.mga3 gcrystal-0.14.5-1.mga3 libgchempaint0.14_0-0.14.5-1.mga3 gnome-chemistry-utils-debuginfo-0.14.5-1.mga3 gnome-chemistry-utils-common-0.14.5-1.mga3 gchemcalc-0.14.5-1.mga3 gnumeric-1.12.9-1.mga3 libspreadsheet1.12.9-1.12.9-1.mga3 gnumeric-debuginfo-1.12.9-1.mga3 libspreadsheet-devel-1.12.9-1.mga3 libgoffice0.10_10-0.10.9-1.mga3 goffice-0.10.9-1.mga3 libgoffice0.10-devel-0.10.9-1.mga3 goffice-0.10.9-1.mga3.x86_64 from gnome-chemistry-utils-0.14.5-1.mga3.src gnumeric-1.12.9-1.mga3.src goffice-0.10.9-1.mga3.src Assignee:
bugsquad =>
qa-bugs I'll have a look at it on i586. Don't understand what the issues are, but I can check for regressions. I'll put a link to the web page with user manuals for the gnome-chemistry-utils components on a procedure page on the wiki. Carolyn CC:
(none) =>
isolde I tried out Gnumeric and did a few basic things like formatting for currency,formulae for adding and multiplying groups of cells, merging and centering cells, inserting the current date and time, saving and opening. I also tried various views in the periodic table viewer and entered some formulae in GChemCalc and viewed the results. No regressions noticed after update. Ill mark this as OK for 32-bit unless someone can come up with some more specific tests that need doing. Carolyn Whiteboard:
(none) =>
MGA3-32-OK Testing complete Mageia 4 x86_64, checking for obvious regressions. CC:
(none) =>
remi Validating update, advisory has been uploaded. Please push to 3 core/updates. Keywords:
(none) =>
validated_update Update pushed: http://advisories.mageia.org/MGASA-2014-0086.html Status:
NEW =>
RESOLVED |