Fixed in LibreOffice 3.4.3. I don't know if/where a patch is available. http://www.libreoffice.org/advisories/CVE-2011-2713/
Assignee: bugsquad => dmorganec
There is some patches on redhat bugzilla : https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2713 This is also fixed in version 3.3.4 (we are currently using 3.3.3.1), I think that's the version we should use as it seems to be a bugfix release. More info in this announce : http://lwn.net/Articles/461694/
i would like, i need to look again because i have a compil issue with LO 3.3.4. i will look after my vacations because i miss time now :)
*** Bug 2680 has been marked as a duplicate of this bug. ***
CC: (none) => info
Ping ?
What compile issue? Folks on libreoffice's IRC-channel (#libreoffice-dev on freenode) and mailinglist (the developer's list is libreoffice@lists.freedesktop.org) surely would help solving that compile-bug... Security fixes should have high priority and shall be considered major problems.
Priority: Normal => HighCC: (none) => lohmaier+mageiaSeverity: normal => major
I'll try to take a look, as this is already 7 weeks late ... FWIW, dmorgan has already commited 3.3.4.1 to updates/1 branch.
CC: (none) => doktor5000
in fact i am puzzled because i don't know what to do. Soon libreoffice 3.3 won't have any updates so what is the best to do ? fix our LO 3.3 or switch to LO 3.4 ?
libreoffice-3.3.4.1-1.1.mga1 is now available on updates_testing
Assignee: dmorganec => qa-bugs
Tested libreoffice-3.3.4.1-1 on Mageia release 1 (Official) for x86_64 and for me it's Ok ,it work very fine. Tested file : -LibreOffice Writer : Ok -LibreOffice Calc : Ok -LibreOffice Impress : Ok -LibreOffice Base : Ok
CC: (none) => geiger.david68210
On i586, the installation is not clean. /var/cache/urpmi/rpms/autocorr-cs-3.3.4.1-1.1.mga1.noarch.rpm: Invalid signature (NOT OK (no key): cannot open Packages database in ) I'm getting this on most (if not all) of the libreoffice packages.
CC: (none) => davidwhodgins
I'm not sure if the problem in comment 10 was fixed on the mirrors, or if it was fixed by my rebooting my system, switching to a cauldron install, and then back, but the updates installed cleanly now. I don't see a POC for CVE-2011-2713, so I'll just be testing that everything seems to work ok on i586.
(In reply to comment #11) > I'm not sure if the problem in comment 10 was fixed on the mirrors, or > if it was fixed by my rebooting my system, switching to a cauldron > install, and then back, but the updates installed cleanly now. it was see http://svnweb.mageia.org/packages?view=revision&revision=179311
Created attachment 1203 [details] backtrace after segfault I'm getting a segfault opening a document that was working before.
It also segfaults with libreoffice-3.3.3.1-0.1.mga1.src.rpm, so this is not a regression. The document was written August 3rd, 2011, so the error has to have been added since then. All other documents I've opened have been ok. Just chance that I picked this one as the first one I tried.
can you open a bugreport for this segfault ? ( as this is not a regression this won't block this update, but will help when updating to LO 3.4.4 ) to see if this is fixed or not.
CC: (none) => dmorganec
Blocks: (none) => 3672
Bug 3672 opened for the segfault. I'll continue testing other features for i586.
Mediawiki template defaults to German spell check at the bottom of the window. It doesn't actually seem to spell check anything though. This doesn't appear to be a regression from the current version.
In fact spell check doesn't seem to be working for me at all x86_64.
Created attachment 1208 [details] Spellcheck screenshot It is set to English (UK)
Spell checking is working on the i586 system I'm using. Haven't found any other problems. I've created a presentation, spreadsheet, database, etc. I consider testing complete on i586.
$ rpm -qa | grep spell Showed hunspell-en not installed x86_64 but it was on a working i586. myspell-en_GB was installed though. When hunspell-en was installed libreoffice spellcheck and autocorrect works as it should. There were no errors or any indication of a missing package. This can't be a regression but it should be looked at as spell checking is basic functionality for an office package. There is no require on hunspell or the relevant language. dmorgan do you want to look into this before it is pushed?
ok i look
a suggests on hunspell-en have been added ( new package on the BS )
Sorry dmorgan, in testing I don't notice any difference. I don't want to delay the security update as it isn't a regression. Should we push this and create a separate bug for the spell checking?
suggests are only handled at first install, this is why you don't see any difference. But yes please open a bugreport so we will be able to talk about this ( maybe a requires would be better )
Bug 3830 created for the spell checking issue. Testing complete of the new build x86_64 other than that, requires testing i586 again.
why again testing on i586 ?
(In reply to comment #27) > why again testing on i586 ? It's a new build. Have to confirm the rpm packages have been signed properly, etc. The dependency on hunspell-en is a suggests rather than a requires, so I don't think bug 2317 affects this, and the depcheck script agrees. Testing complete on i586. Could someone from the sysadmin team push the srpm libreoffice-3.3.4.1-1.3.mga1.src.rpm from Core Updates Testing to Core Updates. Advisory: This security update for libreoffice corrects CVE-2011-2713: Out of bounds property read in binary Microsoft Word (.doc) importer https://bugs.mageia.org/show_bug.cgi?id=2942
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
Update pushed.
Status: NEW => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED