incubator-ooo-dev mailing list archives

From Wolf Halton <wolf.hal...@gmail.com>
Subject Re: How to make a Linux port of CVE-2012-0037
Date Fri, 23 Mar 2012 18:14:47 GMT
On Thu, Mar 22, 2012 at 5:47 PM, Rob Weir <robweir@apache.org> wrote:
> We need a few things:
>
> 1) Someone to build the patch
> (http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt)
>
> 2) Someone to create install instructions for the patch
>
> 3) One or more people to test the patch
>
> 4)  Someone to update the website and send out an announcement
>
>
> #1 is actually a lot easier than it sounds.  If you can build AOO 3.4
> under Linux then you probably are already building the patched file.
> We might even just extract the relevant library from a dev snapshot
> install.   But we need to consider what variations we need, 32 versus
> 64, etc.
>
> For #2 I have the source for the existing install instructions.  I'm
> happy to share with anyone who wants to update the instructions and
> screenshots for Linux users.
>
> For #3, I'm sure many of us can help.  We have a proof of concept file
> that shows the exploit that we can test against, but we need to take
> extreme measures to ensure that file is not publicly disclosed.
>
> For #4, I am happy to help with the digital signature and staging to
> the mirrors, etc. Updating the webpage is really easy, using the
> Apache CMS.
>
> Anyone care to volunteer for some of these tasks?
>
> -Rob

I can look at #1 and 2.
It would make sense for these things each to have more than 1 person
per task, IMO.
Wolf

-- 
This Apt Has Super Cow Powers - http://sourcefreedom.com
Advancing Libraries Together - http://LYRASIS.org
