Re: CVE-2012-4233: multiple null pointer dereference flaws in LibreOffice/OpenOffice.org

[Caolán McNamara <caolanm () redhat com>]

On Fri, 2012-11-02 at 09:07 +0100, Marcus Meissner wrote:
> On Thu, Nov 01, 2012 at 02:44:23PM -0600, Vincent Danen wrote:
> > This one took me a bit by surprise.  Debian released an advisory for OOo
> > and I have no record of this CVE anywhere.  It looks as though it went
> > public yesterday, and was fixed in upstream 3.5.7.2, but it's not noted
> > on the LibreOffice web site at all.

Because I update the web site and I didn't get around to it until this
morning. http://www.libreoffice.org/advisories/cve-2012-4233/
https://www.htbridge.com/advisory/HTB23106 is the source of the CVE and
their advisory contains the reproducer documents.

> > > Does anyone have any further details on these issues?  I just filed a
> > bug in our bugzilla (https://bugzilla.redhat.com/show_bug.cgi?id=872350)
> > with the following description/references which are all I've been able
> > to find so far.

These are the commits for the high-tech advisories
http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=44bc6b5cac723b52df40fbef026e99b7119d8a69
http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=8ca9fb05c9967f11670d045886438ddfa3ac02a7
http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-3-5-7&id=6789ec4c1a9c6af84bd62e650a03226a46365d97
http://cgit.freedesktop.org/libreoffice/binfilter/commit/?h=libreoffice-3-5-7&id=7e22ee55ffc9743692f3ddb93e59dd4427029c5b

> (The whole OpenOffice/LibreOffice security issue handling is not really
> good ... long embargoes that get extended wildly even though fixes are in
> public GIT already, etc )

Well, I'd be more than happy to have more distro folk subscribed to
officesecurity () lists freedesktop org Fixing the bugs is easy, syncing
embargo dates between LibreOffice and Apache OOo is a bit more
challenging.

C.