openoffice-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r821977 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/ content/fi/tt/CVE-2012-0037.html
Date Sat, 16 Jun 2012 07:21:06 GMT
Author: buildbot
Date: Sat Jun 16 07:21:06 2012
New Revision: 821977

Log:
Staging update by buildbot for openofficeorg

Added:
  websites/staging/ooo-site/trunk/content/fi/tt/CVE-2012-0037.html
Modified:
  websites/staging/ooo-site/trunk/cgi-bin/  (props changed)
  websites/staging/ooo-site/trunk/content/  (props changed)

Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Jun 16 07:21:06 2012
@@ -1 +1 @@
-1350862
+1350877

Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Sat Jun 16 07:21:06 2012
@@ -1 +1 @@
-1350862
+1350877

Added: websites/staging/ooo-site/trunk/content/fi/tt/CVE-2012-0037.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/fi/tt/CVE-2012-0037.html (added)
+++ websites/staging/ooo-site/trunk/content/fi/tt/CVE-2012-0037.html Sat Jun 16 07:21:06 2012
@@ -0,0 +1,208 @@
+<!--#include virtual="/doctype.html" -->
+<html>
+<head>
+<link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+
+<meta http-equiv="content-type" content="text/html; charset=UTF-8">
+<link href="CVE-2012-0037_tiedostot/ooo.css" rel="stylesheet" type="text/css">
+
+
+ <title>CVE-2012-0037</title>
+ <style type="text/css"></style>
+
+
+</head>
+<body>
+<!--#include virtual="/fi/brand.html" -->
+ <div id="topbara">
+  <!--#include virtual="/fi/topnav.html" -->
+  <div id="breadcrumbsa"><a href="/">home</a>&nbsp;&raquo;&nbsp;<a
href="/fi/">fi</a>&nbsp;&raquo;&nbsp;<a href="/fi/tt/">tt</a></div>
+ </div>
+ <div id="clear"></div>
+ 
+ 
+ <div id="content">
+  
+  
+  
+ <div id="bannera">
+  <div id="bannerleft"><img id="ooo-logo" alt="Apache OpenOffice (incubating)"
src="CVE-2012-0037_tiedostot/OOo_Website_v2_copy.png"></div>
+  <div id="bannerright">
+   <a title="Apache Incubator" href="http://incubator.apache.org/"><img id="asf-logo"
alt="Apache Incubator" src="CVE-2012-0037_tiedostot/apache-incubator-logo.png"></a>
+   <div style="relative; margin: 14px 0 0 0; height: 24px;">
+	<form id="cse-search-box-header" action="http://www.google.com/search" method="get">
+	 <div>
+	  <input name="domains" value="www.openoffice.org" type="hidden">
+	  <input name="sitesearch" value="www.openoffice.org" type="hidden">
+	 </div>
+	 <div class="topsrchbox">
+	  <input name="resultsPerPage" value="40" type="hidden"> 
+	  <input name="q" id="query" type="text">
+	  <input name="Button" value="search" class="topsrchbutton" type="submit">
+	 </div>
+	</form>
+   </div>
+  </div>
+  <div id="bannercenter"><br>(incubating) | The Free and Open Productivity
Suite</div>
+ </div>
+ <div id="announce"><a href="http://www.openoffice.org/news/aoo34.html" title="Read
the announcement">Announcing Apache OpenOffice 3.4</a></div>
+
+ <div id="topbara">
+  <div id="topnava"><ul>
+<li><a href="http://www.openoffice.org/product/index.html" title="Apache OpenOffice
product description">Product</a></li>
+<li><a href="http://www.openoffice.org/download/index.html" title="Download OpenOffice.org">Download</a></li>
+<li><a href="http://www.openoffice.org/support/index.html" title="Find Support for
OpenOffice.org">Support</a></li>
+<li><a href="http://www.openoffice.org/extensions/index.html" title="Extensions
and Templates for OpenOffice">Extend</a></li>
+<li><a href="http://incubator.apache.org/openofficeorg/get-involved.html" title="Get
involved in Apache OpenOffice (incubating)">Develop</a></li>
+<li><a href="http://www.openoffice.org/projects/accepted.html" title="Apache OpenOffice
development focus areas">Focus Areas</a></li>
+<li><a href="http://www.openoffice.org/projects/native-lang.html" title="Apache
OpenOffice in your Native Language">Kielet</a></li>
+</ul></div>
+
+  <div id="breadcrumbsa"><a href="http://www.openoffice.org/">home</a>&nbsp;»&nbsp;<a
href="http://www.openoffice.org/security/">security</a>&nbsp;»&nbsp;<a
href="http://www.openoffice.org/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+ 
+ 
+ <div id="content">
+  
+  
+  
+ <h2><a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-0037">CVE-2012-0037</a></h2>
+
+ <h3>
+ OpenOffice.org - tietovuotohaavoittuvuus
+ </h3>
+
+  <ul>  
+  
+    <h4>Merkityksellisyys: Tärkeä</h4>
+
+    <h4>Toimittaja: The Apache Software Foundation</h4>
+    
+    <h4>Koskee versioita:</h4>
+                 <ul>
+                   <li>OpenOffice.org 3.3 ja 3.4 Beta, kaikilla alustoilla.</li>
+                   <li>Voi koskea myös varhempia versioita.</li>
+                 </ul>
+      
+
+<h4>Kuvaus:</h4>
+<p>
+	Kuvaus: Hyökkäys, joka kohdistuu XML:n ulkoiseen entiteettiin (XXE) on mahdollinen
yllämainituissa OpenOffice.org-versioissa. 
+	Tässä haavoittuvuudessa käytetään hyväksi tapaa, jolla ulkoisia entiteettejä
käsitellään tietyissä ODF-asiakirjojen XML-komponenteissa. 
+	Käsittelemällä ulkoisen entiteetin viittausta toiseen paikallisen tiedostojärjestelmän
resurssiin 
+	hyökkääjän on mahdollista pistää toisten paikallisten tiedostojen sisältöä
ODF-asiakirjaan käyttäjän tietämättä ja luvatta.
+	Tietovuoto tulee sitten mahdolliseksi, kun asiakirjaa myöhemmin jaetaan toisille osapuolille.</p>
+
+    <h4>Lieventäminen</h4>
+    <p>OpenOffice.org 3.3.0 ja 3.4 beta -käyttäjät voivat paikata asentamansa
ohjelmiston oheisilla korjauksilla. 
+			Lataa, pura ja seuraa pakettiin kuuluvan readme.pdf-tiedoston ohjeita (englanniksi) tai
lue ne <a href="Lueminut_CVEsuom.pdf">suomenoksesta</a>.</p>
+
+    <ul>
+      <li><a href="http://www.apache.org/dyn/closer.cgi/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip">Windows-asennuksille</a>

+(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip.md5">MD5</a>)

+(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip.sha1">SHA1</a>)</li>
+
+      <li><a href="http://www.apache.org/dyn/closer.cgi/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip">MacOS-asennuksille</a>

+(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip.md5">MD5</a>)

+(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip.sha1">SHA1</a>)</li>
+      <li>Linux- ja muiden alustojen käyttäjien tulee kysyä jakelunsa
tai käyttäjärjetelmänsä toimittajalta ohjeita korjaukseen.</li>
+    </ul>
+
+    <p>Tämä haavoittuvuus on myös jo korjattu Apache OpenOffice 3.4 dev
-kokeiluversioissa alkaen 1. maaliskuuta, 2012.</p>
+
+
+<h4>Ladattujen tiedostojen varmennus</h4>
+
+<p>
+We have provided MD5 and SHA1 hashes of these patches, as well as a 
+detached digital signature, for those who wish to verify the integrity 
+of these files.
+</p><p>
+The MD5 and SHA1 hashes can be verified using Unix tools like sha1, sha1sum or md5sum. 
+</p><p>
+The PGP signatures can be verified using PGP or GPG. First download the <a href="http://www.apache.org/dist/incubator/ooo/KEYS">KEYS</a>
+ file, as well as the asc signature file for the particular patch from 
+above. Make sure you get these files from the main distribution 
+directory, rather than from a mirror. Then verify the signatures as 
+follows:
+</p><p>
+<code>
+% pgpk -a KEYS <br>
+% pgpv CVE-2012-0037-{win|mac}.zip.asc <br>
+</code>
+<em>or</em>
+<br>
+<code>
+% pgp -ka KEYS <br>
+% pgp CVE-2012-0037-{win|mac}.zip.asc <br>
+</code>
+<em>or</em>
+<br>
+<code>
+% gpg --import KEYS <br>
+% gpg --verify CVE-2012-0037-{win|mac}.zip.asc <br>
+</code>
+
+
+
+
+    </p><h4>Source and Building</h4>
+    <p>Information on obtaining the source code for this patch, and for porting
it or adapting it to OpenOffice.org 
+    derivatives can be found <a href="http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt">here</a>.</p>
+
+    <h4>Arvonanto:</h4>
+    <p>
+     The Apache OpenOffice -projekti antaa tunnustuksen ja kiittää tämän
pulman löytäjää, Timothy D. Morgania Virtual Security 
+			Researchistä, LLC:stä.
+     </p>
+
+	<h4>Epävirallisia käännöksiä:</h4>
+    <ul>
+			<li><a href="http://www.openoffice.org/it/stampa/comunicati/CVE-2012-0037.html">Italiaksi</a></li>
+			<li>tämä sivu</li>
+     </ul>
+
+	
+ <hr>
+
+ <p><a href="http://security.openoffice.org/">Security Home</a> -&gt;
<a href="http://security.openoffice.org/bulletin.html">Bulletin</a> -&gt;

+ <a href="http://security.openoffice.org/security/cves/CVE-2012-0037.html">CVE-2012-0037</a></p>
+
+ </ul></div>
+
+ <div id="footera">
+  <div id="poweredbya"><p><img src="CVE-2012-0037_tiedostot/feather-small.gif"
alt="Apache Feather"></p></div>
+  <div id="copyrighta">
+   <p style="text-align:center;">
+	<a href="http://www.openoffice.org/license.html">Copyright &amp; License</a>
| <a href="http://www.openoffice.org/privacy.html">Privacy</a> | <a href="http://www.openoffice.org/contact_us.html">Contact
Us</a>
+   </p>
+   <p>
+	Apache and the Apache feather logos are trademarks of The Apache Software Foundation.
+	OpenOffice.org and the seagull logo are registered trademarks of The Apache Software Foundation.
+	Other names appearing on the site may be trademarks of their respective owners.
+   </p>
+   <p>
+	Apache OpenOffice is an effort undergoing incubation at The Apache 
+Software Foundation (ASF), sponsored by the Apache Incubator.
+	Incubation is required of all newly accepted projects until a further 
+review indicates that the infrastructure, communications, and
+	decision making process	have stabilized in a manner consistent with 
+other successful ASF projects. While incubation status is
+	not necessarily a reflection of the completeness or stability of the 
+code, it does indicate that the project has
+	yet to be fully endorsed by the ASF.</p>
+  </div>
+ </div>
+
+
+
+
+
+ </div>
+
+<!--#include virtual="/footer.html" -->
+
+</body>
+</html>Mime
View raw message