openoffice --- document disclosure

Jacques Vidrine nectar at FreeBSD.org
Tue Sep 14 19:55:03 PDT 2004 

NAKATA Maho wrote:
> In Message-ID: <20040914232905.GD95323 at madman.celabo.org> 
> "Jacques A. Vidrine" <nectar at FreeBSD.org> wrote:
> 
> Dear nectar and portmgr:
> 
> Dear portmgr:
> o I forgot to bump PORTREVISION
> o I should change VuXML entry < 1.1.2_1 
> Please approve!
> thank you very much!
>  
> Dear nectar:
> 
> Index: Makefile
> ===================================================================
> RCS file: /home/pcvs/ports/editors/openoffice-1.1/Makefile,v
> retrieving revision 1.165
> diff -u -r1.165 Makefile
> --- Makefile    14 Sep 2004 22:20:51 -0000      1.165
> +++ Makefile    15 Sep 2004 02:35:18 -0000
> @@ -7,6 +7,7 @@
>  
>  PORTNAME=      openoffice
>  PORTVERSION=   1.1.2
> +PORTREVISION=  1
>  CATEGORIES+=   editors
>  MASTER_SITES+=  ${MASTER_SITE_RINGSERVER:S,%SUBDIR%,misc/openoffice/&,} \
>                 ftp://sunsite.cnlab-switch.ch/mirror/OpenOffice/%SUBDIR%/ \
> 
> cvs server: Diffing .
> Index: vuln.xml
> ===================================================================
> RCS file: /home/pcvs/ports/security/vuxml/vuln.xml,v
> retrieving revision 1.218
> diff -u -r1.218 vuln.xml
> --- vuln.xml    14 Sep 2004 03:38:59 -0000      1.218
> +++ vuln.xml    15 Sep 2004 02:36:34 -0000
> @@ -176,7 +176,7 @@
>         <name>tr-openoffice</name>
>         <name>zh-openoffice-CN</name>
>         <name>zh-openoffice-TW</name>
> -       <range><ge>0</ge></range>
> +       <range><ge>1.1.2_1</ge></range>
>        </package>
>      </affects>
>      <description>
> cvs server: Diffing files
> 
> is sufficient?

Yes, I think that will be just fine.  Normally, I would encourage you to 
make the VuXML commit yourself, but because of the ports freeze, I will 
handle it this time.

> You covered almost all:
> 
> my commit at least fixed for
> arabic/openoffice-1.1
[...]
> 
> and not fixed for 
> openoffice-1.1-devel.
> which has same vulnerability.
> Nevertheless it will be fixed in very soon, and not very
> influencing...
> 
> and also you cover:
> chinese/openoffice-1.0-zh_CN
[...]
> these port might have mozilla vulnerability and also
> have problems.

OK.  Thanks for your attention!
-- 
Jacques A Vidrine / NTT/Verio
nectar at celabo.org / jvidrine at verio.net / nectar at FreeBSD.org

More information about the freebsd-openoffice mailing list