Apache OpenOffice has announced the details of CVE-2013-2189 and CVE-2013-4156 as they affect Apache OpenOffice, i.e.
CVE-2013-2189: CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability http://permalink.gmane.org/gmane.comp.apache.maven.announce/1503 CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability http://permalink.gmane.org/gmane.comp.apache.maven.announce/1504 I have now put up equivalent advisory pages for LibreOffice as... a) http://www.libreoffice.org/advisories/CVE-2013-2189/ CVE-2013-2189: Microsoft .doc Memory Corruption Vulnerability We fixed this problem as a side effect of our fixes for CVE-2011-2713 so any version of LibreOffice >= 3.4.3 is unaffected. and b) http://www.libreoffice.org/advisories/CVE-2013-4156/ CVE-2013-4156: Microsoft .docm Denial Of Service We had done some additional work in that filter so for LibreOffice the document triggered a NULL deref and immediate termination of the application. So it's a mild denial of service issue for LibreOffice, nevertheless upgrading to LibreOffice 3.6.7/4.0.4/4.1.0 will avoid the DOS. C. -- To unsubscribe e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
