Sicherheit: Zwei Probleme in LibreOffice - Pro-Linux

Name        : libreoffice
Product     : Fedora 15
Version     : 3.3.4.1
Release     : 5.fc15
URL         : http://www.documentfoundation.org/develop
Summary     : Free Software Productivity Suite
Description :
LibreOffice is an Open Source, community-developed, office productivity suite.
It includes the key desktop applications, such as a word processor,
spreadsheet, presentation manager, formula editor and drawing program, with a
user interface and feature set similar to other office suites.  Sophisticated
and flexible, LibreOffice also works transparently with a variety of file
formats, including Microsoft Office File Formats.

-------------------------------------------------------------------------------
-
Update Information:

CVE-2012-1149 An integer overflow vulnerability in LibreOffice graphic loading
 code

CVE-2012-2334 Denial of Service with malformed .ppt files
-------------------------------------------------------------------------------
-
ChangeLog:

* Thu May 17 2012 Caolán McNamara <caolanm@redhat.com> 1:3.3.4.1-5
- Resolves: rhbz#822216 CVE-2012-1149, CVE-2012-2334
* Tue Apr 24 2012 Caolán McNamara <caolanm@redhat.com> 1:3.3.4.1-4
- bump n-v-r
* Fri Feb 10 2012 Caolán McNamara <caolanm@redhat.com> 1:3.3.4.1-3
- Resolves: rhbz#788971 SwDocShell::ReconnectDdeLink crash
* Tue Jan 10 2012 Caolán McNamara <caolanm@redhat.com> 1:3.3.4.1-2
- Resolves: rhbz#759647 dispose clears mpPresTimer
- Resolves: rhbz#767708 write to mmap'ed file w/o disk space: SIGBUS
- Resolves: fdo#40482 Writer view options destroyed by printing
- Resolves: rhbz#772768 crash choosing "Data:Form..." with hidden
 columns
* Wed Nov 30 2011 David Tardon <dtardon@redhat.com> 1:3.3.4.1-1
- Resolves: rhbz#747356 let Qt call XInitThreads
- new upstream version 3.3.4
- add gdb pretty printers
- Resolves: rhbz#757653 fix headless crash with cairo canvas
- workaround problem in %check
unset DISPLAY
* Wed Oct  5 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.3.1-7
- Resolves: CVE-2011-2713, binary .doc parsing fixes
- Resolves: rhbz#739407 recovery from autosave for non odf format
- Resolves: fdo#35513 avoid crash while processing incorrect print range
* Thu Sep 15 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.3.1-6
- Resolves: fdo#40303 missing filter detect services cause trouble
- Resolves: rhbz#734432 openoffice.org symlink broken (dtardon)
- Resolves: rhbz#734976 libreoffice-langpack-*-* not pulled in by
  yum install libreoffice
- Resolves: rhbz#738255 avoid crash on sc inputhdl NULL pointer
* Tue Aug 23 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.3.1-5
- Resolves: rhbz#657783 dead ViewShell, possibly on selection
* Tue Aug  2 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.3.1-4
- Resolves: rhbz#725144 wrong csh syntax
- Resolves: rhbz#725133 backport tab/spaces fix
- Resolves: rhbz#693265 fix crash from unhandled exception
* Tue Jul 19 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.3.1-3
- fix regression in SvGlobalName operator
- Resolves: rhbz#715549 use fontconfig's detected format
* Tue Jul  5 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.3.1-2
- Resolves: rhbz#713154 pdf export dialog too tall to fit
- Related: rhbz#702833 addEventListener without removeEventListener
- Related: rhbz#711087 band aid for crash in undo
- Resolves: rhbz#667082 do not crash importing section containing just
  an empty paragraph (dtardon)
- Related: rhbz#718976 crash in SwTxtSizeInfo::GetMultiCreator
* Tue Jun 14 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.3.1-1
- bugfixing 3.3.3.1 point release
- drop integrated libreoffice-fdo33947.sd.print.crash.patch
* Thu Jun  9 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.2.2-10
- Resolves: rhbz#710004 band aid for crash
- Resolves: rhbz#710556 don't crash on missing graphics on pptx export
- Resolves: rhbz#652604 better survive exceptions in autorecovery
- Resolves: rhbz#699909 crash in export of .doc in lcl_getField
- Resolves: rhbz#709503/fdo#37668 bitwise operations on signed values
* Mon May 30 2011 Caolán McNamara <caolanm@redhat.com> 1:3.3.2.2-9
- Resolves: rhbz#702635 set correct page number when exporting selected
  pages
- Resolves: rhbz#706110 oosplash.bin segfault on every login
- Resolves: rhbz#705784 do not crash if referenced shape does not
  contain text body
- Resolves: rhbz#707317 avoid crash in getRowSpan
* Sat May  7 2011 Christopher Aillon <caillon@redhat.com> - 1:3.3.2.2-8
- Update icon cache scriptlet
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #822216 - CVE-2012-1149 openoffice.org, libreoffice: Integer
 overflows, leading to heap-buffer overflows in JPEG, PNG and BMP reader implementations [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=822216
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update libreoffice' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce