incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kazunari Hirano <khir...@gmail.com>
Subject Re: CVE-2011-2713 patch?
Date Mon, 26 Mar 2012 23:08:48 GMT
Hi Rob,

Thanks.
Apache OpenOffice (Incubating) provides CVE-2012-0037 patch for
OpenOffice.org 3.3.0.
Should we also provide CVE-2011-2713 patch for OpenOffice.org 3.3.0?

Thanks,
khirano

On Tue, Mar 27, 2012 at 7:46 AM, Rob Weir <robweir@apache.org> wrote:
> On Sun, Mar 25, 2012 at 9:11 PM, Kazunari Hirano <khirano@gmail.com> wrote:
>
>> Hi all,
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
>>
>> Do we have a patch for this?
>>
>>
> More info on this issue here:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=725668
>
> Note that it was downgraded from a security vulnerability to an ordinary
> crash.   Of course, it would be nice if we did not crash when loading a
> corrupt DOC file.
>
> I've sent a note to Huzaifa Sidhpurwala at RedHat, who discovered the issue
> originally, to see if he has a test file we can use to see if AOO 3.4 has
> the issue as well.
>
> -Rob
>
>
>> Thanks,
>> khirano
>> --
>> khirano@apache.org
>> Apache OpenOffice (incubating)
>> http://incubator.apache.org/openofficeorg/
>>



-- 
khirano@apache.org
Apache OpenOffice (incubating)
http://incubator.apache.org/openofficeorg/

Mime
View raw message