openoffice --- document disclosure

NAKATA Maho chat95 at mac.com
Tue Sep 14 19:37:06 PDT 2004 

In Message-ID: <20040914232905.GD95323 at madman.celabo.org> 
"Jacques A. Vidrine" <nectar at FreeBSD.org> wrote:

Dear nectar and portmgr:

Dear portmgr:
o I forgot to bump PORTREVISION
o I should change VuXML entry < 1.1.2_1 
Please approve!
thank you very much!
 
Dear nectar:

Index: Makefile
===================================================================
RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v
retrieving revision 1.165
diff -u -r1.165 Makefile
--- Makefile    14 Sep 2004 22:20:51 -0000      1.165
+++ Makefile    15 Sep 2004 02:35:18 -0000
@@ -7,6 +7,7 @@
 
 PORTNAME=      openoffice
 PORTVERSION=   1.1.2
+PORTREVISION=  1
 CATEGORIES+=   editors
 MASTER_SITES+=  ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/&,} \
                ftp://sunsite.cnlab-switch.ch/mirror/OpenOffice/%SUBDIR%/ \

cvs server: Diffing .
Index: vuln.xml
===================================================================
RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v
retrieving revision 1.218
diff -u -r1.218 vuln.xml
--- vuln.xml    14 Sep 2004 03:38:59 -0000      1.218
+++ vuln.xml    15 Sep 2004 02:36:34 -0000
@@ -176,7 +176,7 @@
        <name>tr-openoffice</name>
        <name>zh-openoffice-CN</name>
        <name>zh-openoffice-TW</name>
-       <range><ge>0</ge></range>
+       <range><ge>1.1.2_1</ge></range>
       </package>
     </affects>
     <description>
cvs server: Diffing files

is sufficient?

> Actually there are so many version in the ports tree that I'm not sure
> that they are all covered.  Assistance here would be appreciated.  If
> you are not going to correct OOo 1.0.3, that's fine... we just need to
> make sure that we do specify the *corrected* version numbers.  e.g., I
> guess now that you have committed a fix, you must bump PORTREVISION
> and the VuXML entry needs to be changed to `< 1.1.2_1' for the
> appropriate ports.

You covered almost all:

my commit at least fixed for
arabic/openoffice-1.1
chinese/openoffice-1.1-zh_CN
chinese/openoffice-1.1-zh_TW
editors/openoffice-1.1
editors/openoffice-1.1-ca
editors/openoffice-1.1-cs
editors/openoffice-1.1-dk
editors/openoffice-1.1-el
editors/openoffice-1.1-es
editors/openoffice-1.1-et
editors/openoffice-1.1-fi
editors/openoffice-1.1-it
editors/openoffice-1.1-nl
editors/openoffice-1.1-se
editors/openoffice-1.1-sk
editors/openoffice-1.1-sl_SI
editors/openoffice-1.1-tr
french/openoffice-1.1
german/openoffice-1.1
hungarian/openoffice-1.1
japanese/openoffice-1.1
korean/openoffice-1.1
polish/openoffice-1.1
portuguese/openoffice-1.1-pt_BR
portuguese/openoffice-1.1-pt_PT
russian/openoffice-1.1

and not fixed for 
openoffice-1.1-devel.
which has same vulnerability.
Nevertheless it will be fixed in very soon, and not very
influencing...

and also you cover:
chinese/openoffice-1.0-zh_CN
chinese/openoffice-1.0-zh_TW
editors/openoffice-1.0
editors/openoffice-1.0-ar
editors/openoffice-1.0-dk
editors/openoffice-1.0-es
editors/openoffice-1.0-gr
editors/openoffice-1.0-it
editors/openoffice-1.0-nl
editors/openoffice-1.0-se
editors/openoffice-1.0-tr
french/openoffice-1.0
german/openoffice-1.0
japanese/openoffice-1.0
korean/openoffice-1.0
polish/openoffice-1.0
portuguese/openoffice-1.0
russian/openoffice-1.0 

these port might have mozilla vulnerability and also
have problems.

> Hmm, OK.  Yesterday I entered VuXML information about several Mozilla
> vulnerabilities that affected many different version of Mozilla.  I
> also know of about 8 more that I've yet to document.  It will be
> difficult to determine which of these actually affect OpenOffice, so
> it may be best to fix them...
thanks a lot.

best reagards,
--nakata maho

More information about the freebsd-openoffice mailing list