Package: openoffice.org Version: 1.1.2-2 Severity: important Tags: security patch
OpenOffice temporarily stores documents with insecure permissions, leading to a compromise of document confidentiality for other non-root users on that system. Details can be found at: http://www.openoffice.org/issues/show_bug.cgi?id=33357 I've set the severity to important, please raise it if you think that it's release critical. I extracted a patch from the OpenOffice.org that fixes the vulnerability. It's attached. Cheers, Moritz -- Moritz Mühlenhoff [EMAIL PROTECTED] fon: +49 421 22 232- 0 Development Linux for Your Business Univention GmbH http://www.univention.de/ fax: +49 421 22 232-99 -- System Information: Debian Release: 3.0 Architecture: i386 Kernel: Linux anton 2.4.26 #1 SMP Wed Jun 30 12:43:43 CEST 2004 i686 Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] Versions of packages openoffice.org depends on: ii dictionaries-co 0.15.4.2.200310221248 Common utilities for spelling dict ii openoffice.org- 1.1.2-2.28.200407132023 OpenOffice.org office suite binary ii openoffice.org- 1.1.2-2+1.5.200407140824 Debian specific parts of OpenOffic ii openoffice.org- 1.1.2-2.28.200407132023 German language package for OpenOf ii openoffice.org- 1.1.2-2.28.200407132023 English (US) language package for ii ttf-opensymbol 1.1.2-2.28.200407132023 The OpenSymbol TrueType font -- debconf-show failed
/home/jmm/openoffice.org-secure-tempfile-permissions.diff
Description: image/3ds
