Description of problem: libwpd <=0.8.8 is vulnerable to an integer overflow bug, fixed in 0.8.9. FC6 currently ships 0.8.6 and is not patched for CVE-2007-0002. Version-Release number of selected component (if applicable): libwpd-0.8.6-1 How reproducible: Didn't try. Steps to Reproduce: N/A Actual results: Vulnerable. Expected results: Not vulnerable. Additional info: See bug 222808 for the RHEL 5 security advisory. "This update has been rated as having important security impact by the Red Hat Security Response Team."
http://www.redhat.com/archives/fedora-package-announce/2007-March/msg00058.html http://www.redhat.com/archives/fedora-package-announce/2007-March/msg00057.html Thanks.