Apache OpenOffice (AOO) Bugzilla – Issue 104149
libxml2 needs to be updated - security fixes
Last modified: 2009-10-02 11:21:08 UTC
For details, see http://www.debian.org/security/2009/dsa-1859
It is not clear if OOo is affected by these issues, but since we don't want to ship a 3rd party lib with known security issues, the lib will be updated ASAP.
added keyword "security", target ooo 3.1.1
Fixed as SVN cws/sb114/libxml2/libxml2-2.6.31.patch -r 274864 by merging in the difference between <http://ftp.debian.org/debian/pool/main/libx/libxml2/libxml2_2.6.32.dfsg-5.diff.gz> and <http://security.debian.org/pool/updates/main/libx/libxml2/libxml2_2.6.32.dfsg-5+lenny1.diff.gz> (which appears to also apply cleanly to the libxml2 2.6.31 source base checked into OOo). Given that <http://xmlsoft.org/news.html> does not list any security fixes for libxml2 2.6.32 (so that we do not appear to miss any security fixes if we do not upgrade from 2.6.31 to 2.6.32) and that <http://xmlsoft.org/news.html> lists libxml2 2.7.3 as the latest release of libxml2 (so that it does not appear that we would get the latest and greatest, anyway, if we did upgrade from 2.6.31 to 2.6.32; though I do not know what the compatibility story is between libxml2 2.6 and 2.7), and given that the Debian patch mentioned above appears to apply cleanly to our 2.6.31, I decided together with mt that it would be best to stay with 2.6.31 for now.
> 2.6.32; though I do not know what the compatibility story is between libxml2 2.6
> and 2.7), and given that the Debian patch mentioned above appears to apply
Well, Debian builds OOo 3.x with 2.7.3 in its development release. (Just FYI). No explicit problems with it discovered (so far).
> cleanly to our 2.6.31, I decided together with mt that it would be best to stay
> with 2.6.31 for now.
Of course. Nothing else would make sense anyway. (Except that you imho also should fix the bogus files in the tarball, see issue 104152)
...plus missing PATCH flag as SVN cws/sb114/scp2/source/ooo/ure.scp -r 274880
@kr: please verify
Added patch looks good! Patch flag looks good as well!
Closing ...