Bug 3957

Summary: libreoffice missing security update for CVE-2011-2713
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED DUPLICATE QA Contact:
Severity: normal    
Priority: Normal    
Version: 1   
Target Milestone: ---   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: libreoffice-3.3.4.1-1.3.mga1.src.rpm CVE:
Status comment:

Description David Walser 2011-12-31 00:06:18 CET 
Mandriva issued this advisory on November 11:
http://lists.mandriva.com/security-announce/2011-11/msg00017.php

The other CVE probably doesn't affect us since it says before 3.3.3.  MDV fixed it by upgrading to 3.4.3, but I'm not sure if that's what you want to do.
Comment 1 Manuel Hiebel 2011-12-31 00:13:31 CET 
since libreoffice 3.4.4 is in testing I guess we can close this one

the also http://web.nvd.nist.gov/view/vuln/search-results?query=CVE-2011-2713&search_type=all&cves=on

oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser
Comment 2 David Walser 2011-12-31 00:18:45 CET 
This isn't really a duplicate, but the proposed update from Bug 3830 is new enough to fix this issue.

*** This bug has been marked as a duplicate of bug 3830 ***

Status: NEW => RESOLVED
Resolution: (none) => DUPLICATE