svn commit: r418884 - head/security/vuxml
Don Lewis
truckman at FreeBSD.org
Thu Jul 21 18:04:16 UTC 2016
Author: truckman
Date: Thu Jul 21 18:04:14 2016
New Revision: 418884
URL: https://svnweb.freebsd.org/changeset/ports/418884
Log:
Apache OpenOffice CVE-2016-1513 Memory Corruption Vulnerability
(Impress Presentations)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jul 21 17:47:02 2016 (r418883)
+++ head/security/vuxml/vuln.xml Thu Jul 21 18:04:14 2016 (r418884)
@@ -58,6 +58,44 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="72f71e26-4f69-11e6-ac37-ac9e174be3af">
+ <topic>Apache OpenOffice 4.1.2 -- Memory Corruption Vulnerability (Impress Presentations)</topic>
+ <affects>
+ <package>
+ <name>apache-openoffice</name>
+ <range><lt>4.1.2_8</lt></range>
+ </package>
+ <package>
+ <name>apache-openoffice-devel</name>
+ <range><lt>4.2.1753426,4</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Apache OpenOffice Project reports:</p>
+ <blockquote cite="http://www.openoffice.org/security/cves/CVE-2016-1513.html">
+ <p>An OpenDocument Presentation .ODP or Presentation Template
+ .OTP file can contain invalid presentation elements that lead
+ to memory corruption when the document is loaded in Apache
+ OpenOffice Impress. The defect may cause the document to appear
+ as corrupted and OpenOffice may crash in a recovery-stuck mode
+ requiring manual intervention. A crafted exploitation of the
+ defect can allow an attacker to cause denial of service
+ (memory corruption and application crash) and possible
+ execution of arbitrary code.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-1513</cvename>
+ <url>http://www.openoffice.org/security/cves/CVE-2015-4551.html</url>
+ </references>
+ <dates>
+ <discovery>2016-07-17</discovery>
+ <entry>2016-07-21</entry>
+ </dates>
+ </vuln>
+
<vuln vid="ca5cb202-4f51-11e6-b2ec-b499baebfeaf">
<topic>MySQL -- Multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list