incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: CVE-2011-2713 patch?
Date Mon, 26 Mar 2012 23:11:20 GMT
On Mon, Mar 26, 2012 at 7:08 PM, Kazunari Hirano <khirano@gmail.com> wrote:

> Hi Rob,
>
> Thanks.
> Apache OpenOffice (Incubating) provides CVE-2012-0037 patch for
> OpenOffice.org 3.3.0.
> Should we also provide CVE-2011-2713 patch for OpenOffice.org 3.3.0?
>
>
I don't believe so, because CVE-2011-2713 is not a security issue.  It is
just a crash.

-Rob



> Thanks,
> khirano
>
> On Tue, Mar 27, 2012 at 7:46 AM, Rob Weir <robweir@apache.org> wrote:
> > On Sun, Mar 25, 2012 at 9:11 PM, Kazunari Hirano <khirano@gmail.com>
> wrote:
> >
> >> Hi all,
> >>
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
> >>
> >> Do we have a patch for this?
> >>
> >>
> > More info on this issue here:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=725668
> >
> > Note that it was downgraded from a security vulnerability to an ordinary
> > crash.   Of course, it would be nice if we did not crash when loading a
> > corrupt DOC file.
> >
> > I've sent a note to Huzaifa Sidhpurwala at RedHat, who discovered the
> issue
> > originally, to see if he has a test file we can use to see if AOO 3.4 has
> > the issue as well.
> >
> > -Rob
> >
> >
> >> Thanks,
> >> khirano
> >> --
> >> khirano@apache.org
> >> Apache OpenOffice (incubating)
> >> http://incubator.apache.org/openofficeorg/
> >>
>
>
>
> --
> khirano@apache.org
> Apache OpenOffice (incubating)
> http://incubator.apache.org/openofficeorg/
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message