incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject How to make a Linux port of CVE-2012-0037
Date Thu, 22 Mar 2012 21:47:50 GMT
We need a few things:

1) Someone to build the patch
(http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt)

2) Someone to create install instructions for the patch

3) One or more people to test the patch

4)  Someone to update the website and send out an announcement


#1 is actually a lot easier than it sounds.  If you can build AOO 3.4
under Linux then you probably are already building the patched file.
We might even just extract the relevant library from a dev snapshot
install.   But we need to consider what variations we need, 32 versus
64, etc.

For #2 I have the source for the existing install instructions.  I'm
happy to share with anyone who wants to update the instructions and
screenshots for Linux users.

For #3, I'm sure many of us can help.  We have a proof of concept file
that shows the exploit that we can test against, but we need to take
extreme measures to ensure that filed is not publicly disclosed.

For #4, I am happy to help with the digital signature and staging to
the mirrors, etc. Updating the webpage is really easy, using the
Apache CMS.

Anyone care to volunteer for some of these tasks?

-Rob

Mime
View raw message