This is an automated email from the ASF dual-hosted git repository. git-site-role pushed a commit to branch asf-staging in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
The following commit(s) were added to refs/heads/asf-staging by this push: new cbe12a2 git-site-role commit from build_staging.sh cbe12a2 is described below commit cbe12a2a5b6890b223d7eab10485ed418393c05c Author: jenkins <bui...@apache.org> AuthorDate: Sat May 15 16:10:28 2021 +0000 git-site-role commit from build_staging.sh --- content/feed.xml | 4 +- content/security/CVE-2006-2198.html | 71 ------- content/security/CVE-2006-2199.html | 84 -------- content/security/CVE-2006-3117.html | 78 ------- content/security/alerts.html | 43 ++-- content/security/bulletin-20060629.html | 43 ---- content/security/bulletin.html | 349 +++++++++++++++---------------- content/security/cves/CVE-YYYY-XXXX.html | 132 +++++++----- content/security/faq.html | 276 +++++++++++++----------- content/security/index.html | 104 +++++---- 10 files changed, 489 insertions(+), 695 deletions(-) diff --git a/content/feed.xml b/content/feed.xml index 8117afd..2f95c2d 100644 --- a/content/feed.xml +++ b/content/feed.xml @@ -6,8 +6,8 @@ <atom:link href="http://localhost:8820/feed.xml" rel="self" type="application/rss+xml" /> <description>OpenOffice.org Feed</description> <language>en-us</language> - <pubDate>Sat, 15 May 2021 14:09:11 +0000</pubDate> - <lastBuildDate>Sat, 15 May 2021 14:09:11 +0000</lastBuildDate> + <pubDate>Sat, 15 May 2021 16:09:13 +0000</pubDate> + <lastBuildDate>Sat, 15 May 2021 16:09:13 +0000</lastBuildDate> </channel> diff --git a/content/security/CVE-2006-2198.html b/content/security/CVE-2006-2198.html deleted file mode 100644 index e4d11d4..0000000 --- a/content/security/CVE-2006-2198.html +++ /dev/null 
@@ -1,71 +0,0 @@ - -<!--#include virtual="/doctype.html" --> -<html> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - - <link href="/css/ooo.css" rel="stylesheet" type="text/css"> - -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<title>CVE-2006-2198</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } - /*]]>*/ - </style> - - - <script src="https://www.apachecon.com/event-images/snippet.js"></script> - </head> - <body> - <!--#include virtual="/brand.html" --> - <div id="topbara"> - <!--#include virtual="/topnav.html" --> - <div id="breadcrumbsa"><a href="/">home</a> » <a href="/security/">security</a></div> - </div> - <div id="clear"></div> - - - <div id="content"> - - -<h2>Macro, CVE-2006-2198</h2> -<h3>Macro Vulnerability</h3> -<ul> - <li> <strong>Synopsis: </strong>Security Vulnerability With Macros in OpenOffice.org - <li> <strong>Issue ID: </strong>66863 - <li> <strong>State: </strong>Resolved -</ul> -<h4>1. Impact</h4> -<p>A security vulnerability in OpenOffice.org may make it possible to inject basic code into documents which is executed upon loading of the document. The user will not be asked or notified and the macro will have full access to system resources with current user's privileges. As a result, the macro may delete/replace files, read/send private data and/or cause additional security issues.</p> -<p><b>Note:</b> Disabling document macros will not prevent this issue.</p> -<p> -This issue is also described in<br> -CVE-2006-2198, <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2198</a>, -<br> -Sun Alert 102490, -<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1"> -http://sunsolve.sun.com/search/document.do?assetkey=1-26-102490-1</a> -</p> -<h4>2. 
Contributing Factors</h4> -<p>This issue can occur in the following releases:</p> -<p><strong>OpenOffice.org 1.1.x,</strong> <strong>OpenOffice.org 2.0.x</strong></p> -<h4>3. Symptoms</h4> -<p>There are no predictable symptoms that would indicate the described issue has been exploited.</p> -<h4>4. Relief/Workaround</h4> -<p>There is no workaround. Please see the "Resolution" section below.</p> -<h4>5. Resolution</h4> -<p>This issue is addressed in the following releases:</p> -<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p> - <hr /> - <p> - <a href="//security/">Security Home</a> -> - <a href="//security/bulletin.html">Bulletin</a> -> - <a href="//security/cves/CVE-2006-2198.html">CVE-2006-2198</a> - </p> - - - </div> - <!--#include virtual="/footer.html" --> - </body> -</html> diff --git a/content/security/CVE-2006-2199.html b/content/security/CVE-2006-2199.html deleted file mode 100644 index 6be4cf7..0000000 --- a/content/security/CVE-2006-2199.html +++ /dev/null 
@@ -1,84 +0,0 @@ - -<!--#include virtual="/doctype.html" --> -<html> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - - <link href="/css/ooo.css" rel="stylesheet" type="text/css"> - -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<title>CVE-2006-2199</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } - /*]]>*/ - </style> - - - - <script src="https://www.apachecon.com/event-images/snippet.js"></script> - </head> - <body> - <!--#include virtual="/brand.html" --> - <div id="topbara"> - <!--#include virtual="/topnav.html" --> - <div id="breadcrumbsa"><a href="/">home</a> » <a href="/security/">security</a></div> - </div> - <div id="clear"></div> - - - <div id="content"> - - -<h2>Java Applets, CVE-2006-2199</h2> -<h3>Java Applets </h3> -<ul><li><strong>Synopsis:</strong> Security Vulnerability With Java Applets in OpenOffice.org </li> - <li> <strong>Issue ID:</strong> 66862</li> - <li> <strong>State:</strong> Resolved</li> -</ul> -<h4><strong>1. Impact</strong></h4> -<p>A security vulnerability related to OpenOffice.org documents may allow certain Java applets to break through the "sandbox" and therefore have full access to system resources with current user privileges. The offending Applets may be constructed to destroy/replace files, read or send private data, and/or cause additional security issues.</p> -<p>This issue is also described in -<br> -CVE-2006-2199, -<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2199">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-2199</a>, -<br>Sun Alert 102475 -<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102475-1"> -http://sunsolve.sun.com/search/document.do?assetkey=1-26-102475-1</a> -</p> -<h4><strong>2. Contributing Factors</strong></h4> -<p>This issue can occur in the following releases:</p> -<p><strong>OpenOffice.org 1.1.x, OpenOffice.org 2.0.x</strong></p> -<h4><strong>3. 
Symptoms</strong></h4> -<p>There are no predictable symptoms that would indicate the described issue has been exploited.</p> -<h4><strong>4. Relief/Workaround</strong></h4> -<p>To work around the described issue, disable support for Java Applets (for OpenOffice.org) by doing the following:</p> -<p><strong>OpenOffice.org 1.x :</strong></p> -<p>In options dialog: Select --> Tools/Options/OpenOffice.org/Security --> uncheck "Enable Applets"</p> -<p><strong>OpenOffice.org 2.x </strong></p> -<p>There is no longer a User Interface (UI) for configuring this option in OpenOffice.org 2.0; the change must be done in configuration files with a text editor. Add the following into your OpenOffice.org settings (typically) for this file <code>"~/.openoffice2.0/user/registry/data/org/openoffice/Office/Common.xcu":</code></p> -<p><code><node oor:name="Java"><br> -<node oor:name="Applet"><br> -<prop oor:name="Enable" oor:type="xs:boolean"><br> -<value>false</value><br> -</prop><br> -</node><br> -</node></code></p> -<h4>5. Resolution</h4> -<p>This issue is addressed in the following releases:</p> -<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p> -<p><strong>Notes:</strong></p> -<p>With the updated versions for OpenOffice.org, support for Java applets in OpenOffice.org will be disabled.</p> -<p> </p> - <hr /> - <p> - <a href="//security/">Security Home</a> -> - <a href="//security/bulletin.html">Bulletin</a> -> - <a href="//security/cves/CVE-2006-2199.html">CVE-2006-2199</a> - </p> - - - </div> - <!--#include virtual="/footer.html" --> - </body> -</html> diff --git a/content/security/CVE-2006-3117.html b/content/security/CVE-2006-3117.html deleted file mode 100644 index 4faffe6..0000000 --- a/content/security/CVE-2006-3117.html +++ /dev/null 
@@ -1,78 +0,0 @@ - -<!--#include virtual="/doctype.html" --> -<html> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - - <link href="/css/ooo.css" rel="stylesheet" type="text/css"> - -<meta http-equiv="Content-Type" content="text/html; charset=utf-8"> -<title>CVE-2006-3117</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } - /*]]>*/ - </style> - - - - <script src="https://www.apachecon.com/event-images/snippet.js"></script> - </head> - <body> - <!--#include virtual="/brand.html" --> - <div id="topbara"> - <!--#include virtual="/topnav.html" --> - <div id="breadcrumbsa"><a href="/">home</a> » <a href="/security/">security</a></div> - </div> - <div id="clear"></div> - - - <div id="content"> - - -<h2>File Format, CVE-2006-3117</h2> -<h3>File Format</h3> -<ul> - <li><strong>Synopsis</strong>: File Format / Buffer Overflow Vulnerability: Loading malformed XML documents can cause buffer overflows and crash OpenOffice.org.</li> - <li><strong>Issue ID:</strong> 66866</li> - <li><strong>State:</strong> Resolved</li> -</ul> -<h4> 1. Impact: </h4> -<p> The buffer overflow allows for a value to be written to an arbitrary location in memory. This may lead to command execution in the context of the current user. </p> -<p> This issue is also described in -<br> - CVE-2006-3117 at: <a HREF="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117">http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-3117</a>, -<br>NGSSoftware Advisory, -<a href="http://www.ngssoftware.com/advisories/openoffice.txt"> -http://www.ngssoftware.com/advisories/openoffice.txt</a> -<br> -Sun Alert 102501, -<a href="http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1"> -http://sunsolve.sun.com/search/document.do?assetkey=1-26-102501-1 -</a> -</p> -<h4> 2. Contributing Factors: </h4> -<p> This issue can occur in the following releases:<strong> OpenOffice.org 1.1.x</strong> and <strong>OpenOffice.org 2.0.x</strong> </p> -<h4> 3. 
Symptoms: </h4> -<p> OpenOffice.org can crash due to internal buffer overflows when loading a malformed document. </p> -<h4> 4. Relief/Workaround:</h4> -<p> None.</p> -<h4> 5. Resolution: </h4> -<p><strong>OpenOffice.org 1.1.5 Patch, OpenOffice.org 2.0.3</strong></p> -<h4> 6. Credits: </h4> -<p> -Wade Alcorn of NGSSoftware discovered the vulnerability and aided in the explanation/fix. -</P> -<p> </p> - <hr /> - <p> - <a href="//security/">Security Home</a> -> - <a href="//security/bulletin.html">Bulletin</a> -> - <a href="//security/cves/CVE-2006-3117.html">CVE-2006-3117</a> - </p> - - - </div> - <!--#include virtual="/footer.html" --> - </body> -</html> diff --git a/content/security/alerts.html b/content/security/alerts.html index c5ba82e..735b5f5 100644 --- a/content/security/alerts.html +++ b/content/security/alerts.html @@ -7,11 +7,10 @@ <link href="/css/ooo.css" rel="stylesheet" type="text/css"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> - <title>Apache OpenOffice Security Alerts</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } + <style> + /*<![CDATA[*/ + hr { display: block } /*]]>*/ </style> 
@@ -30,29 +29,35 @@ <div id="content"> + <h2>Apache OpenOffice Security Alerts</h2> - <p>The Apache OpenOffice Security Team publishes details of security - vulnerabilities in our <a href="https://www.openoffice.org/security/bulletin.html">Security - Bulletin</a>.</p> + <p> + The Apache OpenOffice Security Team publishes details of security vulnerabilities in our + <a href="https://www.openoffice.org/security/bulletin.html">Security Bulletin</a>. + </p> - <p>We also publish these alerts via the project's announcement list, <em>announce</em>.</p> + <p> + We also publish these alerts via the project's announcement list, <em>announce</em>. + </p> - <p>If you would like to subscribe to the list, please send a blank email to - <a href= - "mailto:announce-subscr...@openoffice.apache.org">announce-subscr...@openoffice.apache.org</a>. - You will be sent an email from instructions how to confirm your - subscription. Once you have confirmed your subscription, you will receive - any future emails from announce until you - unsubscribe.</p> + <p> + If you would like to subscribe to the list, please send a blank email to + <a href="mailto:announce-subscr...@openoffice.apache.org">announce-subscr...@openoffice.apache.org</a>. + You will be sent an email from instructions how to confirm your subscription. Once you + have confirmed your subscription, you will receive any future emails from announce until + you unsubscribe. + </p> - <p>Please note that the mailing list is fully automated, so if you use - spam-filtering software, please make sure it will accept emails from - <em>annou...@openoffice.apache.org</em> <u>before</u> you try and - subscribe.</p> + <p> + Please note that the mailing list is fully automated, so if you use spam-filtering + software, please make sure it will accept emails from + <em>annou...@openoffice.apache.org</em> <u>before</u> you try and subscribe. 
+ </p> <a href="https://openoffice.apache.org/security.html">Security Reports</a> + </div> <!--#include virtual="/footer.html" --> diff --git a/content/security/bulletin-20060629.html b/content/security/bulletin-20060629.html deleted file mode 100644 index c853baf..0000000 --- a/content/security/bulletin-20060629.html +++ /dev/null @@ -1,43 +0,0 @@ - -<!--#include virtual="/doctype.html" --> -<html> - <head> - <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> - - <link href="/css/ooo.css" rel="stylesheet" type="text/css"> - - <title> - Security Bulletin 2006-06-29 - </title> - - - - <script src="https://www.apachecon.com/event-images/snippet.js"></script> - </head> - <body> - <!--#include virtual="/brand.html" --> - <div id="topbara"> - <!--#include virtual="/topnav.html" --> - <div id="breadcrumbsa"><a href="/">home</a> » <a href="/security/">security</a></div> - </div> - <div id="clear"></div> - - - <div id="content"> - - - -<h2>Security Bulletin 2006-06-29</h2> -<p>OpenOffice.org 2.0.3 fixes three security vulnerabilites that have been found through internal security audits. Although there are currently no known exploits, we urge all users of 2.0.x prior to 2.0.2 to upgrade to the new version or install their vendor's patches accordingly. Patches for users of OpenOffice.org 1.1.5 will be available shortly.</p> -<p>The three vulnerabilities involve:</p> -<ul> - <li><a href="CVE-2006-2199.html"> Java Applets, CVE-2006-2199</a></li> - <li><a href="CVE-2006-2198.html">Macro, CVE-2006-2198</a>; and</li> - <li><a href="CVE-2006-3117.html">File Format, CVE-2006-3117</a></li> -</ul> - - - </div> - <!--#include virtual="/footer.html" --> - </body> -</html> diff --git a/content/security/bulletin.html b/content/security/bulletin.html index 72f9058..6258024 100644 --- a/content/security/bulletin.html +++ b/content/security/bulletin.html 
@@ -6,15 +6,14 @@ <link href="/css/ooo.css" rel="stylesheet" type="text/css"> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Apache OpenOffice Security Team Bulletin</title> - <style type="text/css"> + <style> /*<![CDATA[*/ - hr { display: block } + hr { display: block } /*]]>*/ </style> - <script src="https://www.apachecon.com/event-images/snippet.js"></script> </head> 
@@ -31,242 +30,238 @@ -<!-- This page needs further adjustment to avoid style conflicts with - the HTML5 wrappers that it is embedded under. ---> - -<h2>Apache OpenOffice Security Team Bulletin</h2> + <h2>Apache OpenOffice Security Team Bulletin</h2> -<p> - <strong> - If you want to stay up to date on Apache OpenOffice security announcements, please subscribe to our <a href="alerts.html">security-alerts mailing list</a>. - </strong> -</p> + <p> + <strong>If you want to stay up to date on Apache OpenOffice security announcements, please + subscribe to our <a href="alerts.html">security-alerts mailing list</a>.</strong> + </p> -<h3>Fixed in Apache OpenOffice 4.1.10</h3> + <h3>Fixed in Apache OpenOffice 4.1.10</h3> -<ul> - <li><a href="cves/CVE-2021-30245.html">CVE-2021-30245</a>: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks </li> -</ul> + <ul> + <li><a href="cves/CVE-2021-30245.html">CVE-2021-30245</a>: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.8</h3> + <h3>Fixed in Apache OpenOffice 4.1.8</h3> -<ul> - <li><a href="cves/CVE-2020-13958.html">CVE-2020-13958</a>: Unrestricted actions leads to arbitrary code execution in crafted documents </li> -</ul> + <ul> + <li><a href="cves/CVE-2020-13958.html">CVE-2020-13958</a>: Unrestricted actions leads to arbitrary code execution in crafted documents</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.7</h3> + <h3>Fixed in Apache OpenOffice 4.1.7</h3> -<ul> - <li><a href="cves/CVE-2019-9853.html">CVE-2019-9853</a>: Insufficient URL decoding flaw in categorizing macro location </li> -</ul> + <ul> + <li><a href="cves/CVE-2019-9853.html">CVE-2019-9853</a>: Insufficient URL decoding flaw in categorizing macro location</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.6</h3> + <h3>Fixed in Apache OpenOffice 4.1.6</h3> -<ul> - <li><a href="cves/CVE-2018-11790.html">CVE-2018-11790</a>: Arithmetic overflow and wrap around during 
string length calculation </li> -</ul> + <ul> + <li><a href="cves/CVE-2018-11790.html">CVE-2018-11790</a>: Arithmetic overflow and wrap around during string length calculation </li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.5</h3> + <h3>Fixed in Apache OpenOffice 4.1.5</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.4</h3> + <h3>Fixed in Apache OpenOffice 4.1.4</h3> -<ul> - <li><a href="cves/CVE-2017-3157.html">CVE-2017-3157</a>: Arbitrary file disclosure in Calc and Writer</li> - <li><a href="cves/CVE-2017-9806.html">CVE-2017-9806</a>: Out-of-Bounds Write in Writer's WW8Fonts Constructor</li> - <li><a href="cves/CVE-2017-12607.html">CVE-2017-12607</a>: Out-of-Bounds Write in Impress' PPT Filter</li> - <li><a href="cves/CVE-2017-12608.html">CVE-2017-12608</a>: Out-of-Bounds Write in Writer's ImportOldFormatStyles</li> -</ul> + <ul> + <li><a href="cves/CVE-2017-3157.html">CVE-2017-3157</a>: Arbitrary file disclosure in Calc and Writer</li> + <li><a href="cves/CVE-2017-9806.html">CVE-2017-9806</a>: Out-of-Bounds Write in Writer's WW8Fonts Constructor</li> + <li><a href="cves/CVE-2017-12607.html">CVE-2017-12607</a>: Out-of-Bounds Write in Impress' PPT Filter</li> + <li><a href="cves/CVE-2017-12608.html">CVE-2017-12608</a>: Out-of-Bounds Write in Writer's ImportOldFormatStyles</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.3</h3> + <h3>Fixed in Apache OpenOffice 4.1.3</h3> -<ul> - <li><a href="cves/CVE-2016-1513.html">CVE-2016-1513</a>: Memory Corruption Vulnerability (Impress Presentations)</li> - <li><a href="cves/CVE-2016-6803.html">CVE-2016-6803</a>: Windows Installer Can Enable Privileged Trojan Execution</li> - <li><a href="cves/CVE-2016-6804.html">CVE-2016-6804</a>: Windows Installer Execution of Arbitrary Code with Elevated Privileges</li> -</ul> + <ul> + <li><a href="cves/CVE-2016-1513.html">CVE-2016-1513</a>: 
Memory Corruption Vulnerability (Impress Presentations)</li> + <li><a href="cves/CVE-2016-6803.html">CVE-2016-6803</a>: Windows Installer Can Enable Privileged Trojan Execution</li> + <li><a href="cves/CVE-2016-6804.html">CVE-2016-6804</a>: Windows Installer Execution of Arbitrary Code with Elevated Privileges</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.2</h3> + <h3>Fixed in Apache OpenOffice 4.1.2</h3> -<ul> - <li><a href="cves/CVE-2015-1774.html">CVE-2015-1774</a>: Out-of-Bounds Write in HWP File Filter</li> - <li><a href="cves/CVE-2015-4551.html">CVE-2015-4551</a>: Targeted Data Disclosure</li> - <li><a href="cves/CVE-2015-5212.html">CVE-2015-5212</a>: ODF Printer Settings Vulnerability</li> - <li><a href="cves/CVE-2015-5213.html">CVE-2015-5213</a>: .DOC Document Vulnerability</li> - <li><a href="cves/CVE-2015-5214.html">CVE-2015-5214</a>: .DOC Bookmarks Vulnerability</li> -</ul> + <ul> + <li><a href="cves/CVE-2015-1774.html">CVE-2015-1774</a>: Out-of-Bounds Write in HWP File Filter</li> + <li><a href="cves/CVE-2015-4551.html">CVE-2015-4551</a>: Targeted Data Disclosure</li> + <li><a href="cves/CVE-2015-5212.html">CVE-2015-5212</a>: ODF Printer Settings Vulnerability</li> + <li><a href="cves/CVE-2015-5213.html">CVE-2015-5213</a>: .DOC Document Vulnerability</li> + <li><a href="cves/CVE-2015-5214.html">CVE-2015-5214</a>: .DOC Bookmarks Vulnerability</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.1</h3> + <h3>Fixed in Apache OpenOffice 4.1.1</h3> -<ul> - <li><a href="cves/CVE-2014-3575.html">CVE-2014-3575</a>: Targeted Data Exposure Using Crafted OLE Objects in Apache OpenOffice</li> - <li><a href="cves/CVE-2014-3524.html">CVE-2014-3524</a>: Calc Command Injection Vulnerability in Apache OpenOffice</li> -</ul> + <ul> + <li><a href="cves/CVE-2014-3575.html">CVE-2014-3575</a>: Targeted Data Exposure Using Crafted OLE Objects in Apache OpenOffice</li> + <li><a href="cves/CVE-2014-3524.html">CVE-2014-3524</a>: Calc Command Injection Vulnerability in Apache 
OpenOffice</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.0.0</h3> + <h3>Fixed in Apache OpenOffice 4.0.0</h3> -<ul> - <li><a href="cves/CVE-2013-2189.html">CVE-2013-2189</a>: DOC Memory Corruption Vulnerability in Apache OpenOffice</li> - <li><a href="cves/CVE-2013-4156.html">CVE-2013-4156</a>: DOCM Memory Corruption Vulnerability in Apache OpenOffice</li> -</ul> + <ul> + <li><a href="cves/CVE-2013-2189.html">CVE-2013-2189</a>: DOC Memory Corruption Vulnerability in Apache OpenOffice</li> + <li><a href="cves/CVE-2013-4156.html">CVE-2013-4156</a>: DOCM Memory Corruption Vulnerability in Apache OpenOffice</li> + </ul> -<h3>Fixed in Apache OpenOffice 3.4.1</h3> + <h3>Fixed in Apache OpenOffice 3.4.1</h3> -<ul> - <li><a href="cves/CVE-2012-2665.html">CVE-2012-2665</a>: Manifest-processing errors in Apache OpenOffice 3.4.0</li> - <li><a href="cves/CVE-2013-1571.html">CVE-2013-1571</a>: Frame Injection Vulnerability in SDK JavaDoc</li> -</ul> + <ul> + <li><a href="cves/CVE-2012-2665.html">CVE-2012-2665</a>: Manifest-processing errors in Apache OpenOffice 3.4.0</li> + <li><a href="cves/CVE-2013-1571.html">CVE-2013-1571</a>: Frame Injection Vulnerability in SDK JavaDoc</li> + </ul> -<h3>Fixed in Apache OpenOffice 3.4.0</h3> + <h3>Fixed in Apache OpenOffice 3.4.0</h3> -<ul> - <li><a href="cves/CVE-2012-1149.html">CVE-2012-1149</a>: OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object</li> - <li><a href="cves/CVE-2012-2149.html">CVE-2012-2149</a>: OpenOffice.org memory overwrite vulnerability</li> - <li><a href="cves/CVE-2012-2334.html">CVE-2012-2334</a>: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0</li> -</ul> + <ul> + <li><a href="cves/CVE-2012-1149.html">CVE-2012-1149</a>: OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object</li> + <li><a href="cves/CVE-2012-2149.html">CVE-2012-2149</a>: OpenOffice.org memory overwrite 
vulnerability</li> + <li><a href="cves/CVE-2012-2334.html">CVE-2012-2334</a>: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0</li> + </ul> -<h3>Patches for OpenOffice.org 3.3</h3> + <h3>Patches for OpenOffice.org 3.3</h3> -<ul> - <li><a href="cves/CVE-2012-0037.html">CVE-2012-0037</a>: OpenOffice.org data leakage vulnerability</li> -</ul> + <ul> + <li><a href="cves/CVE-2012-0037.html">CVE-2012-0037</a>: OpenOffice.org data leakage vulnerability</li> + </ul> -<h3>Fixed in OpenOffice.org 3.3</h3> + <h3>Fixed in OpenOffice.org 3.3</h3> -<ul> - <li><a href="cves/CVE-2010-2935_CVE-2010-2936.html">CVE-2010-2935 / CVE-2010-2936</a>: Security Vulnerability in OpenOffice.org related to PowerPoint document processing</li> - <li><a href="cves/CVE-2010-3450.html">CVE-2010-3450</a>: Security Vulnerability in OpenOffice.org related to Extensions and filter package files</li> - <li><a href="cves/CVE-2010-3451_CVE-2010-3452.html">CVE-2010-3451 / CVE-2010-3452</a>: Security Vulnerability in OpenOffice.org related to RTF document processing </li> - <li><a href="cves/CVE-2010-3453_CVE-2010-3454.html">CVE-2010-3453 / CVE-2010-3454</a>: Security Vulnerability in OpenOffice.org related to Word document processing </li> - <li><a href="cves/CVE-2010-3689.html">CVE-2010-3689</a>: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts </li> - <li><a href="cves/CVE-2010-3702_CVE-2010-3704.html">CVE-2010-3702 / CVE-2010-3704</a>: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF</li> - <li><a href="cves/CVE-2010-4008_CVE-2010-4494.html">CVE-2010-4008 / CVE-2010-4494</a>: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2 </li> - <li><a href="cves/CVE-2010-4253.html">CVE-2010-4253</a>: Security Vulnerability in OpenOffice.org related to PNG file processing </li> - <li><a href="cves/CVE-2010-4643.html">CVE-2010-4643</a>: Security Vulnerability in OpenOffice.org 
related to TGA file processing </li> -</ul> + <ul> + <li><a href="cves/CVE-2010-2935_CVE-2010-2936.html">CVE-2010-2935 / CVE-2010-2936</a>: Security Vulnerability in OpenOffice.org related to PowerPoint document processing</li> + <li><a href="cves/CVE-2010-3450.html">CVE-2010-3450</a>: Security Vulnerability in OpenOffice.org related to Extensions and filter package files</li> + <li><a href="cves/CVE-2010-3451_CVE-2010-3452.html">CVE-2010-3451 / CVE-2010-3452</a>: Security Vulnerability in OpenOffice.org related to RTF document processing </li> + <li><a href="cves/CVE-2010-3453_CVE-2010-3454.html">CVE-2010-3453 / CVE-2010-3454</a>: Security Vulnerability in OpenOffice.org related to Word document processing </li> + <li><a href="cves/CVE-2010-3689.html">CVE-2010-3689</a>: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts </li> + <li><a href="cves/CVE-2010-3702_CVE-2010-3704.html">CVE-2010-3702 / CVE-2010-3704</a>: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF</li> + <li><a href="cves/CVE-2010-4008_CVE-2010-4494.html">CVE-2010-4008 / CVE-2010-4494</a>: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2 </li> + <li><a href="cves/CVE-2010-4253.html">CVE-2010-4253</a>: Security Vulnerability in OpenOffice.org related to PNG file processing </li> + <li><a href="cves/CVE-2010-4643.html">CVE-2010-4643</a>: Security Vulnerability in OpenOffice.org related to TGA file processing </li> + </ul> -<h3>Fixed in OpenOffice.org 3.2.1</h3> + <h3>Fixed in OpenOffice.org 3.2.1</h3> -<ul> - <li><a href="cves/CVE-2009-3555.html">CVE-2009-3555</a>: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries</li> - <li><a href="cves/CVE-2010-0395.html">CVE-2010-0395</a>: Security vulnerability in OpenOffice.org related to python scripting</li> -</ul> + <ul> + <li><a href="cves/CVE-2009-3555.html">CVE-2009-3555</a>: OpenOffice.org 2 and 3 may be 
affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries</li> + <li><a href="cves/CVE-2010-0395.html">CVE-2010-0395</a>: Security vulnerability in OpenOffice.org related to python scripting</li> + </ul> -<h3>Fixed in OpenOffice.org 3.2</h3> + <h3>Fixed in OpenOffice.org 3.2</h3> -<ul> - <li><a href="cves/CVE-2006-4339.html">CVE-2006-4339</a>: Potential vulnerability from 3rd party libxml2 libraries</li> - <li><a href="cves/CVE-2009-0217.html">CVE-2009-0217</a>: Potential vulnerability from 3rd party libxmlsec libraries</li> - <li><a href="cves/CVE-2009-2493.html">CVE-2009-2493</a>: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime</li> - <li><a href="cves/CVE-2009-2949.html">CVE-2009-2949</a>: Potential vulnerability related to XPM file processing</li> - <li><a href="cves/CVE-2009-2950.html">CVE-2009-2950</a>: Potential vulnerability related to GIF file processing</li> - <li><a href="cves/CVE-2009-3301-3302.html">CVE-2009-3301/2</a>: Potential vulnerability related to MS-Word document processing</li> -</ul> + <ul> + <li><a href="cves/CVE-2006-4339.html">CVE-2006-4339</a>: Potential vulnerability from 3rd party libxml2 libraries</li> + <li><a href="cves/CVE-2009-0217.html">CVE-2009-0217</a>: Potential vulnerability from 3rd party libxmlsec libraries</li> + <li><a href="cves/CVE-2009-2493.html">CVE-2009-2493</a>: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime</li> + <li><a href="cves/CVE-2009-2949.html">CVE-2009-2949</a>: Potential vulnerability related to XPM file processing</li> + <li><a href="cves/CVE-2009-2950.html">CVE-2009-2950</a>: Potential vulnerability related to GIF file processing</li> + <li><a href="cves/CVE-2009-3301-3302.html">CVE-2009-3301/2</a>: Potential vulnerability related to MS-Word document processing</li> + </ul> -<h3>Fixed in OpenOffice.org 3.1.1</h3> + <h3>Fixed in OpenOffice.org 3.1.1</h3> -<ul> - <li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: 
Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 3.1</h3> + <h3>Fixed in OpenOffice.org 3.1</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in OpenOffice.org 3.0.1</h3> + <h3>Fixed in OpenOffice.org 3.0.1</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in OpenOffice.org 3.0</h3> + <h3>Fixed in OpenOffice.org 3.0</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4.3</h3> + <h3>Fixed in OpenOffice.org 2.4.3</h3> -<ul> - <li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary 
code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4.2</h3> + <h3>Fixed in OpenOffice.org 2.4.2</h3> -<ul> - <li><a href="cves/CVE-2008-2237.html">CVE-2008-2237</a>: Manipulated WMF files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2008-2238.html">CVE-2008-2238</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2008-2237.html">CVE-2008-2237</a>: Manipulated WMF files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2008-2238.html">CVE-2008-2238</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4.1</h3> + <h3>Fixed in OpenOffice.org 2.4.1</h3> -<ul> - <li><a href="cves/CVE-2008-2152.html">CVE-2008-2152</a>: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2008-2152.html">CVE-2008-2152</a>: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4</h3> + <h3>Fixed in OpenOffice.org 2.4</h3> -<ul> - <li><a href="cves/CVE-2007-4770.html">CVE-2007-4770/4771</a>: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2007-5745.html">CVE-2007-5745/5747</a>: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2007-5746.html">CVE-2007-5746</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2008-0320.html">CVE-2008-0320</a>: Manipulated OLE files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-4770.html">CVE-2007-4770/4771</a>: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code 
execution</li> + <li><a href="cves/CVE-2007-5745.html">CVE-2007-5745/5747</a>: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2007-5746.html">CVE-2007-5746</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2008-0320.html">CVE-2008-0320</a>: Manipulated OLE files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.3.1</h3> + <h3>Fixed in OpenOffice.org 2.3.1</h3> -<ul> - <li><a href="cves/CVE-2007-4575.html">CVE-2007-4575</a>: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-4575.html">CVE-2007-4575</a>: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)</li> + </ul> -<h3>Fixed in OpenOffice.org 2.3</h3> + <h3>Fixed in OpenOffice.org 2.3</h3> -<ul> - <li><a href="cves/CVE-2007-2834.html">CVE-2007-2834</a>: Manipulated TIFF files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-2834.html">CVE-2007-2834</a>: Manipulated TIFF files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.2.1</h3> + <h3>Fixed in OpenOffice.org 2.2.1</h3> -<ul> - <li><a href="cves/CVE-2007-2754.html">CVE-2007-2754</a>: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)</li> - <li><a href="cves/CVE-2007-0245.html">CVE-2007-0245</a>: Manipulated RTF files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-2754.html">CVE-2007-2754</a>: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)</li> + <li><a href="cves/CVE-2007-0245.html">CVE-2007-0245</a>: Manipulated RTF files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.2</h3> + 
<h3>Fixed in OpenOffice.org 2.2</h3> -<ul> - <li><a href="cves/CVE-2007-0239.html">CVE-2007-0239</a>: URL Handling Security Vulnerability (Linux/Solaris)</li> - <li><a href="cves/CVE-2007-0238.html">CVE-2007-0238</a>: StarCalc Vulnerability</li> - <li><a href="cves/CVE-2007-2.html">CVE-2007-002</a>: WordPerfect Import Vulnerability</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-0239.html">CVE-2007-0239</a>: URL Handling Security Vulnerability (Linux/Solaris)</li> + <li><a href="cves/CVE-2007-0238.html">CVE-2007-0238</a>: StarCalc Vulnerability</li> + <li><a href="cves/CVE-2007-2.html">CVE-2007-002</a>: WordPerfect Import Vulnerability</li> + </ul> -<h3>Fixed in OpenOffice.org 2.1</h3> + <h3>Fixed in OpenOffice.org 2.1</h3> -<ul> - <li><a href="cves/CVE-2006-5870.html">CVE-2006-5870</a>: WMF/EMF Processing Failures</li> -</ul> + <ul> + <li><a href="cves/CVE-2006-5870.html">CVE-2006-5870</a>: WMF/EMF Processing Failures</li> + </ul> -<h3>Fixed in OpenOffice.org 2.0.3</h3> + <h3>Fixed in OpenOffice.org 2.0.3</h3> -<ul> - <li><a href="cves/CVE-2006-2199.html">CVE-2006-2199</a>: Java Applets</li> - <li><a href="cves/CVE-2006-2198.html">CVE-2006-2198</a>: Macro</li> - <li><a href="cves/CVE-2006-3117.html">CVE-2006-3117</a>: File Format</li> -</ul> + <ul> + <li><a href="cves/CVE-2006-2199.html">CVE-2006-2199</a>: Java Applets</li> + <li><a href="cves/CVE-2006-2198.html">CVE-2006-2198</a>: Macro</li> + <li><a href="cves/CVE-2006-3117.html">CVE-2006-3117</a>: File Format</li> + </ul> -<hr /> + <hr /> -<p><a href="http://security.openoffice.org/">Security Home</a> -> - <a href="http://security.openoffice.org/bulletin.html">Bulletin</a> -</p> + <p> + <a href="http://security.openoffice.org/">Security Home</a> -> + <a href="http://security.openoffice.org/bulletin.html">Bulletin</a> + </p> diff --git a/content/security/cves/CVE-YYYY-XXXX.html b/content/security/cves/CVE-YYYY-XXXX.html index 2e4dea4..2311ce4 100644 --- a/content/security/cves/CVE-YYYY-XXXX.html 
+++ b/content/security/cves/CVE-YYYY-XXXX.html @@ -6,9 +6,9 @@ <link href="/css/ooo.css" rel="stylesheet" type="text/css"> - <title>CVE-YYYY-XXXX</title> - <style type="text/css"></style> - + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> + <title>CVE-YYYY-XXXXX</title> + <script src="https://www.apachecon.com/event-images/snippet.js"></script> </head> 
@@ -24,59 +24,81 @@ <div id="content"> - <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=YYYY-XXXX">CVE-YYYY-XXXX</a></h2> - - <h3> - Security vulnerability in OpenOffice.org related to XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - </h3> - - <ul> - <li><strong>Synopsis:</strong> - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - </li> - <li><strong>State:</strong> Resolved</li> - </ul> - - <h4>1. Impact</h4> - - <p> - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - </p> - - <h4>2. Affected releases</h4> - - <ul> - <li>All versions of OpenOffice.org 3 prior to version 3.3</li> - <li>All versions of OpenOffice.org 2</li> - </ul> - - <p>Note: Earlier versions of OpenOffice.org are no longer supported and will not be evaluated regarding this issue.</p> - - <h4>3. Symptoms</h4> - - <p>There are no predictable symptoms that would indicate this issue has occurred.</p> - - <h4>4. Relief/Workaround</h4> - - <p> - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - </p> - - <h4>5. 
Resolution</h4> - - <p>This issue is addressed in the following release: <strong>OpenOffice.org 3.3</strong></p> + <p> + <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=YYYY-XXXXX">CVE-YYYY-XXXXX</a> + </p> + <p> + <a href="https://www.openoffice.org/security/cves/CVE-YYYY-XXXXX.html">Apache OpenOffice Advisory</a> + </p> + <p style="text-align:center; font-size:largest"> + <strong>CVE-YYYY-XXXXX Short description of the problem</strong> + </p> + <p style="text-align:center; font-size:larger"> + <strong>Fixed in Apache OpenOffice X.Y.Z</strong> + </p> + <p> + <strong>Description</strong> + </p> + <p> + Long description of the problem + </p> + <p> + <strong>Severity: Choose from: High | Moderate | Low</strong> + </p> + <p> + There are no known exploits of this vulnerability. + <br /> + A proof-of-concept demonstration exists. + </p> + <p> + Thanks to the reporter for discovering this issue. + </p> + <p> + <strong>Vendor: The Apache Software Foundation</strong> + </p> + <p> + <strong>Versions Affected</strong> + </p> + <p> + All Apache OpenOffice versions X.Y.Z and older are affected. + <br /> + OpenOffice.org versions may also be affected. + </p> + <p> + <strong>Mitigation</strong> + </p> + <p> + Install Apache OpenOffice X.Y.Z for the latest maintenance and cumulative security fixes. + Use the Apache OpenOffice <a href="https://www.openoffice.org/download/">download page</a>. + </p> + <p> + <strong>Acknowledgments</strong> + </p> + <p> + The Apache OpenOffice Security Team would like to thank Firstname Lastname, Organization, + for discovering and reporting this attack vector. + </p> + <p> + <strong>Further Information</strong> + </p> + <p> + For additional information and assistance, consult the + <a href="https://forum.openoffice.org/">Apache OpenOffice Community Forums</a> + or make requests to the + <a href="mailto:us...@openoffice.apache.org">us...@openoffice.apache.org</a> + public mailing list. 
+ </p> + <p> + The latest information on Apache OpenOffice security bulletins can be found at the + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin Archive page</a>. + </p> + <hr /> + <p> + <a href="https://security.openoffice.org">Security Home</a>-> + <a href="https://www.openoffice.org/security/bulletin.html">Bulletin</a>-> + <a href="https://www.openoffice.org/security/cves/CVE-YYYY-XXXXX.html">CVE-YYYY-XXXXX</a> + </p> - <h4>6. Comments</h4> - - <p> - XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX - </p> - - <hr /> - - <p><a href="//security/">Security Home</a> -> <a href="//security/bulletin.html">Bulletin</a> -> - <a href="//security/cves/CVE-YYYY-XXXX.html">CVE-YYYY-XXXX</a></p> - </div> <!--#include virtual="/footer.html" --> diff --git a/content/security/faq.html b/content/security/faq.html index 7df13d4..976d737 100644 --- a/content/security/faq.html +++ b/content/security/faq.html @@ -6,12 +6,11 @@ <link href="/css/ooo.css" rel="stylesheet" type="text/css"> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Apache OpenOffice Security Team FAQ</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } + <style> + /*<![CDATA[*/ + hr { display: block } /*]]>*/ </style> 
@@ -30,180 +29,207 @@ <div id="content"> + <a id="top" name="top"></a> <h2>Apache OpenOffice Security Team FAQ</h2> <ul> <li><a href="#secure">Is OpenOffice secure?</a></li> + <li><a href="#genuine">How do I know my copy of OpenOffice is genuine?</a></li> + <li><a href="#protect">How do I protect my copy of OpenOffice against security issues?</a></li> + <li><a href="#verify">"The publisher of this software cannot be verified" - what should I do?</a></li> + <li><a href="#viruses">How do I stop viruses attacking my copy of OpenOffice?</a></li> + <li><a href="#macros">How do I protect against macro-viruses in OpenOffice?</a></li> + <li><a href="#reporting">I am a developer - how do I report a security vulnerability in OpenOffice?</a></li> + <li><a href="#bulletin">Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</a></li> + <li><a href="#alerts">How can I get email alerts about security vulnerabilities fixed in OpenOffice?</a></li> + </ul> - <li><a href="#genuine">How do I know my copy of OpenOffice is - genuine?</a></li> - - <li><a href="#protect">How do I protect my copy of OpenOffice against - security issues?</a></li> - - <li><a href="#verify">"The publisher of this software cannot be verified" - - what should I do?</a></li> - - <li><a href="#viruses">How do I stop viruses attacking my copy of - OpenOffice?</a></li> + <a id="secure" name="secure"></a> - <li><a href="#macros">How do I protect against macro-viruses in - OpenOffice?</a></li> + <h3>Is OpenOffice secure?</h3> - <li><a href="#reporting">I am a developer - how do I report a security - vulnerability in OpenOffice?</a></li> + <p> + The OpenOffice engineers take the security of the software very seriously. 
We take great care to ensure + that our software is secure, and we will react promptly to any reports of suspected security + vulnerabilities in our software.</p> - <li><a href="#bulletin">Where can I find a list of all the security - vulnerabilities fixed in OpenOffice?</a></li> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <li><a href="#alerts">How can I get email alerts about security - vulnerabilities fixed in OpenOffice?</a></li> - </ul><a id="secure" name="secure"></a> + <a id="genuine" name="genuine"></a> - <h3>Is OpenOffice secure?</h3> + <h3>How do I know my copy of OpenOffice is genuine?</h3> - <p>The OpenOffice engineers take the security of the software very - seriously. We take great care to ensure that our software is secure, and we - will react promptly to any reports of suspected security vulnerabilities in - our software.</p> + <p> + Make sure you know where your copy of OpenOffice has come from. Download from one of the sites listed in + <a href="/download">our download page</a>, or purchase from one of our CD distributors. + <a href="../download/checksums.html">Use a checksum</a> to make sure your copy has not been corrupted + before you install it. + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="genuine" name="genuine"></a> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <h3>How do I know my copy of OpenOffice is genuine?</h3> + <a id="protect" name="protect"></a> - <p>Make sure you know where your copy of OpenOffice has come from. - Download from one of the sites listed in <a href= - "/download">our download page</a>, or purchase from - one of our CD distributors. 
- <a href="../download/checksums.html">Use a checksum</a> - to make sure your copy has not been corrupted before you install it.</p> + <h3>How do I protect my copy of OpenOffice against security issues?</h3> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="protect" name="protect"></a> + <p> + We recommend all users install new versions of OpenOffice as soon as practical after they are released. + Since version 2.1, OpenOffice has included a feature which will tell you if a new version is available. + We recommend you switch this on <em>(Tools -> Options -> Online Update -> Check for updates + automatically)</em>. + </p> - <h3>How do I protect my copy of OpenOffice against security - issues?</h3> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p>We recommend all users install new versions of OpenOffice as soon as - practical after they are released. Since version 2.1, OpenOffice has - included a feature which will tell you if a new version is available. We - recommend you switch this on <em>(Tools -> Options -> Online Update - -> Check for updates automatically)</em>.</p> + <a id="verify" name="verify"></a> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="verify" name="verify"></a> + <h3>"The publisher of this software cannot be verified" - what should I do?</h3> - <h3>"The publisher of this software cannot be verified" - what should I - do?</h3> + <p> + When installing OpenOffice under Microsoft Windows, you may see a warning message stating that the + publisher of the software could not be verified. It is safe to ignore this message if you are confident + that your copy of OpenOffice came from a reputable source. If you have any doubts about this, you can + check that the file has not been tampered with by + <a href="../download/checksums.html">using MD5 checksums</a>. 
+ </p> - <p>When installing OpenOffice under Microsoft Windows, you may see a - warning message stating that the publisher of the software could not be - verified. It is safe to ignore this message if you are confident that your - copy of OpenOffice came from a reputable source. If you have any doubts - about this, you can check that the file has not been tampered with by - <a href="../download/checksums.html">using MD5 checksums</a>.</p> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="viruses" name="viruses"></a> + <a id="viruses" name="viruses"></a> <h3>How do I stop viruses attacking my copy of OpenOffice?</h3> - <p>If your computer becomes infected with a virus, it is possible that any - program you have installed – including OpenOffice - may become - corrupted. Your computer cannot catch a virus from fresh air. It can become - infected if someone gives you any kind of media – floppy disk, CD, DVD, - memory stick, memory card etc. – anything capable of holding data can also - hold a virus. It can become infected if it is connected to any kind of - network, including wireless. Connections to publicly accessible networks - like the internet are particularly risky.</p> + <p> + If your computer becomes infected with a virus, it is possible that any program you have installed - + including OpenOffice - may become corrupted. Your computer cannot catch a virus from fresh air. It can + become infected if someone gives you any kind of media - floppy disk, CD, DVD, memory stick, memory + card etc. - anything capable of holding data can also hold a virus. It can become infected if it is + connected to any kind of network, including wireless. Connections to publicly accessible networks like + the internet are particularly risky. 
+ </p> - <p>There is a whole range of things you can do to protect your computer – - firewalls, anti-virus software, etc – please contact your PC supplier or IT - department for details. If you suspect your PC has been infected, please - seek specialist support.</p> + <p> + There is a whole range of things you can do to protect your computer - firewalls, anti-virus software, + etc. please contact your PC supplier or IT department for details. If you suspect your PC has been + infected, please seek specialist support. + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="macros" name="macros"></a> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> + + <a id="macros" name="macros"></a> <h3>How do I protect against macro-viruses in OpenOffice?</h3> - <p>Macros are a useful part of any office suite, allowing you to automate - repetitive tasks. A macro can do anything you can do - including - potentially destructive actions such as modifying and deleting files. A - macro can attached to any OpenOffice file (document, spreadsheet, - etc.).</p> + <p> + Macros are a useful part of any office suite, allowing you to automate repetitive tasks. A macro can + do anything you can do - including potentially destructive actions such as modifying and deleting + files. A macro can attached to any OpenOffice file (document, spreadsheet, etc.). + </p> + + <p> + Whenever OpenOffice detects macros in a document being opened, by default it displays a warning and + will only run the macro if the you specifically agree. + </p> - <p>Whenever OpenOffice detects macros in a document being opened, by - default it displays a warning and will only run the macro if the you - specifically agree.</p> + <p> + The safest rule is you should never open any OpenOffice file unless you are sure where it has come from + and trust the sender. 
Note that it is very easy to falsify an email address - if you have any doubt, do + not open the document until you have proved its identity. If you need to exchange documents regularly. + we recommend the use of digital signatures to certify the origin of the document. + </p> - <p>The safest rule is you should never open any OpenOffice file unless - you are sure where it has come from and trust the sender. Note that it is - very easy to falsify an email address - if you have any doubt, do not open - the document until you have proved its identity. If you need to exchange - documents regularly, we recommend the use of digital signatures to certify - the origin of the document.</p> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="reporting" name="reporting"></a> + <a id="reporting" name="reporting"></a> - <h3>I am a developer - how do I report a security vulnerability in - OpenOffice?</h3> + <h3>I am a developer - how do I report a security vulnerability in OpenOffice?</h3> - <p>Please report any suspected vulnerabilities to our <a href= - "mailto:secur...@openoffice.apache.org">Security Team</a>. We appreciate - early confidential disclosure to give vendors of products and solutions - based on OpenOffice time to react. We will coordinate the disclosure of - your report with you.</p> + <p> + Please report any suspected vulnerabilities to our + <a href="mailto:secur...@openoffice.apache.org">Security Team</a>. We appreciate early confidential + disclosure to give vendors of products and solutions based on OpenOffice time to react. We will + coordinate the disclosure of your report with you. + </p> - <p>In your report, please include the following information:</p> + <p> + In your report, please include the following information: + </p> <ul> - <li>In which version of OpenOffice did you identify the problem (e.g. 
- 3.3.0, 3.4.1, 4.0.0, etc.)?</li> + <li> + In which version of OpenOffice did you identify the problem (e.g. 3.3.0, 3.4.1, 4.0.0, etc.)? + </li> - <li>What is the impact of the problem (data loss, denial of service, - executing commands, etc.)?</li> + <li> + What is the impact of the problem (data loss, denial of service, executing commands, etc.)? + </li> - <li>How can the problem be reproduced?</li> + <li> + How can the problem be reproduced? + </li> - <li>Is there an existing exploit?</li> + <li> + Is there an existing exploit? + </li> - <li>Has the problem already been published?</li> + <li> + Has the problem already been published? + </li> </ul> - <p>After we receive your report, we will work on the evaluation and we will - reply to you (typically in the next business day).</p> + <p> + After we receive your report, we will work on the evaluation and we will reply to you (typically in the + next business day). + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="bulletin" name="bulletin"></a> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <h3>Where can I find a list of all the security vulnerabilities fixed in - OpenOffice?</h3> + <a id="bulletin" name="bulletin"></a> - <p>These are listed in our <a href= - "/security/bulletin.html">Security - Bulletin</a>.</p> + <h3>Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</h3> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="alerts" name="alerts"></a> + <p> + These are listed in our <a href="/security/bulletin.html">Security Bulletin</a>. 
+ </p> - <h3>How can I get email alerts about security vulnerabilities fixed in - OpenOffice?</h3> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p>Please read our <a href= - "/security/alerts.html">Security Alerts</a> - page.</p> + <a id="alerts" name="alerts"></a> + + <h3>How can I get email alerts about security vulnerabilities fixed in OpenOffice?</h3> + + <p> + Please read our <a href="/security/alerts.html">Security Alerts</a> page. + </p> + + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p> <hr /> - <p><a href="/security/">Security Home</a> -> - <a href="/security/faq.html">Security FAQ</a></p> + <p> + <a href="/security/">Security Home</a> -> <a href="/security/faq.html">Security FAQ</a> + </p> + </div> diff --git a/content/security/index.html b/content/security/index.html index a18215f..76b77a0 100644 --- a/content/security/index.html +++ b/content/security/index.html @@ -7,15 +7,13 @@ <link href="/css/ooo.css" rel="stylesheet" type="text/css"> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> - <title>Apache OpenOffice Security Team</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } + <style> + /*<![CDATA[*/ + hr { display: block } /*]]>*/ </style> - <script src="https://www.apachecon.com/event-images/snippet.js"></script> </head> 
@@ -31,54 +29,78 @@ <div id="content"> - <h2>Apache OpenOffice Security Team</h2> - - <p>For general information about Apache OpenOffice security, please see our - <a href="/security/faq.html">Frequently Asked - Questions page</a>.</p> - - <p>For details of our security alerts by email service, please see our - <a href="alerts.html">Security Alerts page</a>.</p> - - <p>OpenOffice is a complex piece of software developed by various - teams. As such, it can contain security relevant bugs. If you are a - software developer and you believe you have found a vulnerability in our - source code, please contact our <a href= - "mailto:secur...@openoffice.apache.org">security team</a> so we can evaluate - the problem and work on proper solution for our users and for future - versions of our product.</p> - <p>We appreciate early confidential disclosure to give vendors of products - and solutions based on OpenOffice time to react. We will coordinate the - disclosure of your report with you.</p> +<h2>Apache OpenOffice Security Team</h2> - <p>In your report, please include the following informations:</p> + <p> + For general information about Apache OpenOffice security, please see our + <a href="/security/faq.html">Frequently Asked Questions page</a>. + </p> - <ul> - <li>In which version of OpenOffice did you identify the problem?</li> - - <li>Do you have an official version of OpenOffice or e.g. a build - from your GNU/Linux distribution (include the URL of the build if - possible)?</li> + <p> + For details of our security alerts by email service, please see our + <a href="alerts.html">Security Alerts page</a>. + </p> - <li>What is the impact of the problem (data loss, denial of service, - executing commands, etc.)?</li> + <p> + OpenOffice is a complex piece of software developed by various teams. As such, it can contain security + relevant bugs. 
If you are a software developer and you believe you have found a vulnerability in our + source code, please contact our <a href="mailto:secur...@openoffice.apache.org">security team</a> so + we can evaluate the problem and work on proper solution for our users and for future versions of our + product. + </p> - <li>How can the problem be reproduced?</li> + <p> + We appreciate early confidential disclosure to give vendors of products and solutions based on + OpenOffice time to react. We will coordinate the disclosure of your report with you. + </p> - <li>Is there an existing exploit?</li> + <p> + In your report, please include the following informations. + </p> - <li>Has the problem already been published?</li> + <ul> + <li> + In which version of OpenOffice did you identify the problem? + </li> + + <li> + Do you have an official version of OpenOffice or e.g. a build from your GNU/Linux distribution + (include the URL of the build if possible)? + </li> + + <li> + What is the impact of the problem (data loss, denial of service, executing commands, etc.)? + </li> + + <li> + How can the problem be reproduced? + </li> + + <li> + Is there an existing exploit? + </li> + + <li> + Has the problem already been published? + </li> </ul> - <p>After we receive your report, we will work on the evaluation and we will - reply to you (typically in the next business days).</p> + <p> + After we receive your report, we will work on the evaluation and we will reply to you (typically in the + next business days). + </p> + + <p> + Vulnerabilities which have been resolved are listed in our <a href="bulletin.html">Bulletin</a>. + </p> - <p>Vulnerabilities which have been resolved are listed in our <a href= - "bulletin.html">Bulletin</a>.</p> <hr /> - <p><a href="/security/">Security Home</a></p> + <p> + <a href="/security/">Security Home</a> + </p> + </div>
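Review bot: in content/security/bulletin.html, under "Fixed in OpenOffice.org 2.2", the re-indented entry `<a href="cves/CVE-2007-2.html">CVE-2007-002</a>` still carries an identifier that is not a well-formed CVE ID and an href that does not match the naming of the other files in cves/. Since every line of the list is being rewritten anyway, confirm the intended identifier and that the link target exists, and fix both here. The breadcrumb at the bottom of the same hunk also keeps `http://security.openoffice.org/` links, while the CVE template changed in this commit uses https for the same destinations.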
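Review bot: in content/security/cves/CVE-YYYY-XXXX.html, the new heading paragraph uses `style="text-align:center; font-size:largest"`, and `largest` is not a valid CSS font-size keyword, so browsers will drop the declaration and the title will render at body size; use a defined keyword such as `x-large`. In the same hunk the Severity block prints both "There are no known exploits of this vulnerability." and "A proof-of-concept demonstration exists." with no "Choose from" marker like the one on the Severity line, so an advisory copied from this template can ship both statements unless the author remembers to delete one. The placeholder also changes to CVE-YYYY-XXXXX in the title and breadcrumb while the file stays CVE-YYYY-XXXX.html, which makes the template's self-link point at a page that does not exist.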
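Review bot: in content/security/faq.html, the reflow of the answer text changes punctuation and breaks two sentences: "anti-virus software, etc. please contact your PC supplier" in the viruses answer (previously "etc – please contact") and "If you need to exchange documents regularly. we recommend the use of digital signatures" in the macros answer (previously a comma). Restore the original punctuation, and while these paragraphs are being touched fix the carried-over "A macro can attached to" and "if the you specifically agree". The "publisher cannot be verified" answer still tells users to rule out tampering by "using MD5 checksums"; a checksum only detects corruption, and MD5 is not collision resistant, so it would be better to point that answer at the signature or stronger-hash verification on the checksums page if that page offers it.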
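Review bot: in content/security/index.html, the sentence introducing the report checklist now ends in a period ("please include the following informations.") where the removed line ended in a colon, and the FAQ version of the same sentence in this commit reads "the following information:"; use that wording in both places. The reply-time sentence also differs between the two pages ("next business days" here, "next business day" in faq.html), and the `<h2>` is added at column 0 while the rest of the block is indented. The two reporting checklists have drifted apart as well: only this page asks whether the build is official or from a distribution, so consider keeping one list and linking to it.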