Debian advisory DEBIAN:F8B4C21A5950C43626F7E76DFFD2E722:9F782
Oct 30, 2008 - 10:38 a.m.

[Backports-security-announce] Security update for openoffice.org

2008-10-30 10:38:12
lists.debian.org

CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
  Access Vector: NETWORK
  Access Complexity: MEDIUM
  Authentication: NONE
  Confidentiality Impact: COMPLETE
  Integrity Impact: COMPLETE
  Availability Impact: COMPLETE

EPSS: 0.124 Low (Percentile: 94.9%)

Rene Engelhard uploaded new packages for openoffice.org which fixed the
following security problems:

Debian BTS #496361

Left-over debugging echoes writing into an insecure temp file can allow
attackers to overwrite files on the system with the privileges of the user
executing senddoc (File -> Send).

CVE-2008-2237
A security vulnerability in the way OpenOffice 2.x processes WMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
StarOffice/StarSuite.

CVE-2008-2238
A security vulnerability in the way OpenOffice 2.x processes EMF files
may allow a remote unprivileged user who provides a
StarOffice/StarSuite document that is opened by a local user to execute
arbitrary commands on the system with the privileges of the user running
StarOffice/StarSuite.

For the etch-backports distribution the problems have been fixed in
version 1:2.4.1-12~bpo40+1.

For the lenny and sid distributions the problems have been fixed in
version 1:2.4.1-12.

Upgrade instructions


If you don't use pinning (see [1]), you have to update the packages
manually via "apt-get -t etch-backports install <packagelist>" with the
packagelist of your installed packages affected by this update.
[1] <http://backports.org/dokuwiki/doku.php?id=instructions>

We recommend pinning the backports repository to 200 so that new versions
of installed backports will be installed automatically:

Package: *
Pin: release a=etch-backports
Pin-Priority: 200

OS      Version  Architecture  Package         Version       Filename
Debian  5        all           openoffice.org  < 1:2.4.1-12  openoffice.org_1:2.4.1-12_all.deb
