./packages/libreoffice/3.3.0/experimental r2350: mention fixed security issues

Wed, 26 Jan 2011 07:55:33 -0800 

------------------------------------------------------------
revno: 2350
committer: Rene Engelhard <r...@debian.org>
branch nick: debian
timestamp: Tue 2011-01-25 12:42:28 +0100
message:
  mention fixed security issues
modified:
  changelog

=== modified file 'changelog'
--- a/changelog 2011-01-25 11:42:09 +0000
+++ b/changelog 2011-01-25 11:42:28 +0000
@@ -25,6 +25,8 @@
       openoffice.org-common (<< 1:3.3.0~)
   * debian/libreoffice-common.preinst.in: rm_conffile
     /etc/bash_completion.d/ooffice.sh if upgrading from older 
libreoffice-common
+  * debian/changelog: mention fixed security issues in previous changelog
+    entries
 
  -- Rene Engelhard <r...@debian.org>  Mon, 24 Jan 2011 01:56:24 +0100
 
@@ -56,6 +58,12 @@
 libreoffice (1:3.3.0~rc3-1) experimental; urgency=low
 
   * LibreOffice 3.3.0 rc3
+    - includes OpenOffice.org 3.3.0 release branch milestone 19, so:
+      + fixes CVE-2010-3702 and CVE-2010-3704 for the (unused) internal
+        xpdf copy
+      + fixes CVE-2010-4494 for the (unused) internal libxml2 copy
+      + fixes possible heap overflow when reading manipulated TGA images
+        (CVE-2010-4643)
 
   * debian/patches/java-common-message-LibreOffice.diff: fix patched-in
     java-common message to say libreoffice-java-common (closes: #609660)
@@ -152,6 +160,7 @@
 libreoffice (1:3.3.0~rc2-1) experimental; urgency=low
 
   * LibreOffice 3.3.0 rc2
+    - fixes CVE-2010-4008 for the (unused) internal libxml2 copy
     - fix config path in soffice (closes: #606432)
     - includes OpenOffice.org 3.3.0 release branch milestone 18, so:
       + fixes export of group shapes to ppt (closes: #607377)
@@ -194,6 +203,8 @@
 libreoffice (1:3.3.0~rc1-1) experimental; urgency=low
 
   * LibreOffice 3.3.0 rc1
+    - includes OpenOffice.org 3.3.0 release branch milestone 17, so:
+      + fixes CVE-2010-4253: Heap based buffer overflow, PPT files.
 
   * debian/patches/splash-progressbarcolor.diff: update for new artwork 
   * debian/patches/buildfix-patches.diff: remove
@@ -250,6 +261,16 @@
   * LibreOffice 3.3 beta3
     - Set correct default formula syntax value in case it's not
       explicitly set (closes: #527535)
+    - includes OpenOffice.org 3.3.0 release branch milestone 10, so:
+      + fixes several vulerabilities:
+        . soffice script does not treat empty LD_LIBRARY_PATH like unset one
+          (CVE-2010-3689)
+        . Crash in WW8DopTypography::ReadFromMem (CVE-2010-3454)
+        . Crash in SwRTFParser::ReadNumSecLevel (CVE-2010-3452)
+        . Out of bounds write in WW8ListManager::WW8ListManager()
+          (CVE-2010-3453)
+        . Loading certain RTF document leads to corrupt table model
+          (CVE-2010-3451)
 
   * debian/patches/buildfix-patches.diff:
     openoffice.org-report-builder -> libreoffice-report-builder
@@ -321,6 +342,7 @@
     - includes OpenOffice.org 3.3.0 release branch milestone 9, so:
       + fixes hebrew text in sheet tabs when using system fonts
         (closes: #433231)
+      + fixes directory traversal vulnerability in OOo (CVE-2010-3450)
 
   * switch to new LibreOffice build infrastructure (more or less ooo-build,
     though), update Homepage:.

Reply via email to