From owner-svn-ports-head@freebsd.org  Tue Nov 10 23:56:31 2020
Return-Path: <owner-svn-ports-head@freebsd.org>
Delivered-To: svn-ports-head@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9314D4676CC;
 Tue, 10 Nov 2020 23:56:31 +0000 (UTC)
 (envelope-from truckman@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org
 [IPv6:2610:1c1:1:606c::19:3])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "mxrelay.nyi.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4CW4Wz3nPFz3Ljq;
 Tue, 10 Nov 2020 23:56:31 +0000 (UTC)
 (envelope-from truckman@FreeBSD.org)
Received: from repo.freebsd.org (repo.freebsd.org
 [IPv6:2610:1c1:1:6068::e6a:0])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 74D8C347C;
 Tue, 10 Nov 2020 23:56:31 +0000 (UTC)
 (envelope-from truckman@FreeBSD.org)
Received: from repo.freebsd.org ([127.0.1.37])
 by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 0AANuVkR032643;
 Tue, 10 Nov 2020 23:56:31 GMT (envelope-from truckman@FreeBSD.org)
Received: (from truckman@localhost)
 by repo.freebsd.org (8.15.2/8.15.2/Submit) id 0AANuVat032641;
 Tue, 10 Nov 2020 23:56:31 GMT (envelope-from truckman@FreeBSD.org)
Message-Id: <202011102356.0AANuVat032641@repo.freebsd.org>
X-Authentication-Warning: repo.freebsd.org: truckman set sender to
 truckman@FreeBSD.org using -f
From: Don Lewis <truckman@FreeBSD.org>
Date: Tue, 10 Nov 2020 23:56:31 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org,
 svn-ports-head@freebsd.org
Subject: svn commit: r554861 - head/security/vuxml
X-SVN-Group: ports-head
X-SVN-Commit-Author: truckman
X-SVN-Commit-Paths: head/security/vuxml
X-SVN-Commit-Revision: 554861
X-SVN-Commit-Repository: ports
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-ports-head@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: SVN commit messages for the ports tree for head
 <svn-ports-head.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-head>, 
 <mailto:svn-ports-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-head/>
List-Post: <mailto:svn-ports-head@freebsd.org>
List-Help: <mailto:svn-ports-head-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-head>,
 <mailto:svn-ports-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Nov 2020 23:56:31 -0000

Author: truckman
Date: Tue Nov 10 23:56:30 2020
New Revision: 554861
URL: https://svnweb.freebsd.org/changeset/ports/554861

Log:
  Document vulnerability in editors/openoffice-4 < 4.1.8 and openoffice-devel
  
  CVE-2020-13958 Unrestricted actions leads to arbitrary code execution
  in crafted documents
  
  A vulnerability in Apache OpenOffice scripting events allows an
  attacker to construct documents containing hyperlinks pointing to
  an executable on the target users file system. These hyperlinks can
  be triggered unconditionally. In fixed versions no internal protocol
  may be called from the document event handler and other hyperlinks
  require a control-click.
  
  <https://www.openoffice.org/security/cves/CVE-2020-13958.html>

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Tue Nov 10 23:56:00 2020	(r554860)
+++ head/security/vuxml/vuln.xml	Tue Nov 10 23:56:30 2020	(r554861)
@@ -58,6 +58,43 @@ Notes:
   * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="4f15ca7b-23ae-11eb-9f59-1c1b0d9ea7e6">
+    <topic>Apache OpenOffice -- Unrestricted actions leads to arbitrary code execution in crafted documents</topic>
+    <affects>
+      <package>
+	<name>apache-openoffice</name>
+	<range><lt>4.1.8</lt></range>
+      </package>
+      <package>
+	<name>apache-openoffice-devel</name>
+	<range><lt>4.2.1602022694,4</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>The Apache Openofffice project reports:</p>
+	<blockquote cite="https://www.openoffice.org/security/cves/CVE-2020-13958.html">
+	  <h1>CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in crafted documents</h1>
+	  <h2>Description</h2>
+	  <p>A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click.</p>
+	  <h2>Severity: Low</h2>
+	  <p>There are no known exploits of this vulnerability.<br/>A proof-of-concept demonstration exists.</p>
+	  <p>Thanks to the reporter for discovering this issue.</p>
+	  <h2>Acknowledgments</h2>
+	  <p>The Apache OpenOffice Security Team would like to thank Imre Rad for discovering and reporting this attack vector.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>https://www.openoffice.org/security/cves/CVE-2020-13958.html</url>
+      <cvename>CVE-2020-13958</cvename>
+    </references>
+    <dates>
+      <discovery>2020-04-28</discovery>
+      <entry>2020-11-10</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="07c7ae7a-224b-11eb-aa6e-e0d55e2a8bf9">
     <topic>raptor2 -- buffer overflow</topic>
     <affects>