Issue 106816 - fix CVE-2009-1563 in Mozilla code shipped with OpenOffice.org
Summary: fix CVE-2009-1563 in Mozilla code shipped with OpenOffice.org
Status: CLOSED FIXED
Alias: None
Product: Base
Classification: Application
Component: code (show other issues)
Version: DEV300m4
Hardware: Sun All
: P3 Trivial (vote)
Target Milestone: OOo 3.2
Assignee: Frank Schönheit
QA Contact: issues@dba
URL: http://www.mozilla.org/security/annou...
Keywords:
Depends on:
Blocks: 99999
  Show dependency tree
 
Reported: 2009-11-11 12:40 UTC by Frank Schönheit
Modified: 2017-05-20 10:20 UTC (History)
3 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this issue.
Description Frank Schönheit 2009-11-11 12:40:47 UTC 
The recently disclosed CVE-2009-1563
(http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1563) needs to be fixed
in the upcoming OpenOffice.org 3.2 release, which ships with nspr4 lib,
containing the flawed code.
Comment 1 malte_timmermann 2009-11-12 10:20:44 UTC 
Just for clarification: We think that OOo is not affected by this issue, so this
issue is only here because we don't want to continue shipping a vulnerable
version of nspr
Comment 2 Frank Schönheit 2009-11-17 11:55:08 UTC 
fixed in CWS dba32j

find more information about this CWS, like when it is available in the master
builds, in EIS, the Environment Information System:
http://eis.services.openoffice.org/EIS2/cws.ShowCWS?Path=DEV300%2Fdba32j
Comment 3 Frank Schönheit 2009-11-25 07:32:47 UTC 
VERIFIED