incubator-ooo-dev mailing list archives

From "Dennis E. Hamilton" <orc...@apache.org>
Subject RE: Vulnerability fixed in LibreOffice
Date Wed, 05 Oct 2011 20:21:59 GMT
[bcc: ooo-security@i.a.o, tdf-security@l.df.o]

That information concerning an ApacheOOo representative on 
securityteam@openoffice.org is apparently inaccurate.  Or 
else there is a breakdown in the vulnerability being 
communicated to ApacheOOo.

However, since the patch has been made, the CVE and supporting
details should now be available somewhere public.  Also, the
report refers to "some additional security patches and fixes"
without mention of any CVEs.  It would be good to know what 
that is about.

The LibreOffice 3.4.3 Release Notes provide no clue:
<http://wiki.documentfoundation.org/Releases/3.4.3_info_about_fixes>.

I did find two CVEs here:
<http://www.libreoffice.org/advisories/>

The CVE list has not been updated yet:
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713>

I trust this is the last time that either of our projects learns about 
something like this in a press release.


 - Dennis

-----Original Message-----
From: Simon Phipps [mailto:simon@webmink.com] 
Sent: Wednesday, October 05, 2011 12:49
To: ooo-dev@incubator.apache.org
Subject: Re: Vulnerability fixed in LibreOffice

I've investigated and I am informed by one of the LO developers:
> The initial report was sent to securityteam@openoffice.org on
> 25-07-2011, the assigned CVE id was cc'ed there somewhat later on. I
> posted the 5 patches which in combination would fix it to the list as
> well. I was informed an ApacheOOo representative had joined the list.
 

On 5 Oct 2011, at 20:40, Dennis E. Hamilton wrote:

> [bcc to ooo-security@i.a.o]
> 
> It is difficult to tell from a press release what the details of security fixes are.
 
> 
> 
> -----Original Message-----
> From: FR web forum [mailto:oooforum@free.fr] 
> Sent: Wednesday, October 05, 2011 10:15
> 
> Good morning,
> 
> TDF has published a fix for LibO: http://wp.me/p1byPE-bQ
> 
> Do you know if OOo is impacted too?
> 
> Thank you
> 

