Summary: | CVE-2013-1752 and CVE-2013-4238: upgrade python to 3.3.3 for python33.dll vulnerable according to Secunia and Python | ||
---|---|---|---|
Product: | LibreOffice | Reporter: | Peter Stendahl-Juvonen <peter.stendahl-juvonen> |
Component: | Libreoffice | Assignee: | Michael Stahl <mst.fdo> |
Status: | RESOLVED FIXED | QA Contact: | |
Severity: | major | ||
Priority: | medium | CC: | alexander.buchner, caolanm, niko.bockerman |
Version: | 4.1.4.2 release | ||
Hardware: | Other | ||
OS: | Windows (All) | ||
Whiteboard: | target:4.3.0 target:4.2.0.2 target:4.1.5 | ||
i915 platform: | i915 features: | ||
Attachments: | C:\Program Files (x86)\LibreOffice 4\program\python33.dll is vulnerable according to Secunia and Python |
Description
Peter Stendahl-Juvonen
2013-12-28 05:59:03 UTC
Your dll looks differen from mine (i downloaded attachment to c:\temp) C:\temp>md5 -v 2.2 (2008-01-14) C:\temp>md5 "C:\Program Files (x86)\LibreOffice 4\program\python3.dll" C8AB7B1D60B0D0E8AE70C625C9F4A76E C:\Program Files (x86)\LibreOffice 4\program\python3.dll C:\temp>md5 python33.dll 2C168A75276C9DC9BA0274A91B4D5940 python33.dll C:\temp> Your file is python3.dll (not python33.dll), hence different MD5. Michael Stahl committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=45c537a1185dfca7e51229dde9e9220e5174bd57 fdo#73087: python3: upgrade to version 3.3.3 The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c5ab946abfe3b2c60253e3c724eee2be0bda0b81&h=libreoffice-4-2 fdo#73087: python3: upgrade to version 3.3.3 It will be available in LibreOffice 4.2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. fixed on master and 4.2; review for 4.1 pending in gerrit. Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=5d207e1a819a679738e0299972cef3d280122596&h=libreoffice-4-1 fdo#73087: python3: upgrade to version 3.3.3 It will be available in LibreOffice 4.1.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.