openoffice.org

Several security related problems have been discovered in
OpenOffice.org, the free office suite. The Common Vulnerabilities and
Exposures project identifies the following problems:

• CVE-2007-5745, CVE-2007-5747
  Several bugs have been discovered in the way OpenOffice.org parses
  Quattro Pro files that may lead to a overflow in the heap
  potentially leading to the execution of arbitrary code.
• CVE-2007-5746
  Specially crafted EMF files can trigger a buffer overflow in the
  heap that may lead to the execution of arbitrary code.
• CVE-2008-0320
  A bug has been discovered in the processing of OLE files that can
  cause a buffer overflow in the heap potentially leading to the
  execution of arbitrary code.

Recently reported problems in the ICU library are fixed in separate
libicu packages with DSA 1511 against which OpenOffice.org is linked.

For the old stable distribution (sarge) these problems have been fixed in
version 1.1.3-9sarge9.

For the stable distribution (etch) these problems have been fixed in
version 2.0.4.dfsg.2-7etch5.

For the testing (lenny) and unstable (sid) distributions these
problems have been fixed in version 2.4.0~ooh680m5-1.

We recommend that you upgrade your openoffice.org packages.