incubator-ooo-users mailing list archives

From Dave Fisher <dave2w...@comcast.net>
Subject Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability
Date Fri, 23 Mar 2012 19:58:43 GMT
Work is proceeding on the Linux patch. Please subscribe to OOo-dev mailing list if you would
like to help.

There is no Apache policy at play here at all. A very small group prepared this security patch
as one would expect.

Many of the members of the Apache OpenOffice Podling Project Management Committee agree that
Linux versions should have been included.

Regards,
Dave

Sent from my iPhone

On Mar 23, 2012, at 3:20 PM, "Girvin R. Herr" <girvin.herr@sbcglobal.net> wrote:

> 
> 
> Dan Lewis wrote:
>> On Thu, 2012-03-22 at 15:17 -0700, Terry wrote:
>>  
>>> This quote from the page mentioned by Rob:
>>> 
>>> <quote>Linux and other platforms should consult their distro or OS vendor
>>> for patch instructions.</quote>
>>> 
>>> My distro doesn't support OpenOffice; most, I gather, don't.
>>> 
>>> 
>>> 
>>> ----- Original Message -----
>>>    
>>>> From: NoOp <glgxg@sbcglobal.net>
>>>> To: ooo-users@incubator.apache.org
>>>> Cc: Sent: Friday, 23 March 2012 5:13 AM
>>>> Subject: Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability
>>>> 
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>> 
>>>> On 03/22/2012 06:16 AM, Rob Weir wrote:
>>>>      
>>>>> Please note, this is the official security bulletin, targeted for security
>>>>> professionals.  If you are an OpenOffice.org 3.3 user, and
>>>>> are able to apply the mentioned patch, then you are encouraged to
>>>>> do so.  If someone else supports or manages your desktop, then please
>>>>> forward this information to them.
>>>>>        
>>>> ...
>>>> 
>>>> Where are the linux patches? I could only find Windows and Mac:
>>>> 
>>>> <http://www.eng.lsu.edu/mirrors/apache//incubator/ooo/3.3/patches/cve-2012-0037/>
>>>> 
>>>> 
>>>>      
>>     There is still a group of people using linux who have been ignored:
>> the people who have downloaded their copy of OOo from the OOo website. I
>> fall into this category.
>>     Seems to me that if you are going to issue patches for Windows and
>> OSX for which you provide downloads from your website, you should
>> provide a patch for the rest of the versions available as binaries for
>> downloading from it.
>>     As far as compiling the patch, how many of the group I mentioned
>> know how to compile the patches for their version? I don't, and likely
>> many others don't either. In fact, I have never been able to compile any
>> program following directions. I always have gotten one or more errors
>> and not known what had caused the mistake nor how to fix it. That is why
>> I download and install binaries.
>>     Fortunately for me, I have already downloaded from the BuildBot on
>> 3/10/12 so I've gotten the patch applied.
>> 
>> --Dan
>> 
>> 
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
>> For additional commands, e-mail: ooo-users-help@incubator.apache.org
>> 
>> 
>>  
> Dan,
> First, I must divulge that I am a retired software/hardware engineer, so I do have experience
> in compiling programs under Linux.  Some time ago, I did compile OO.o 2.x for my Slackware
> Linux workstation, which does not come with OO.o support.  Although I didn't have any errors,
> it took about 3 hours to do so on my 1.2GHz 1GB Athlon system, so I have since been repackaging
> the downloaded OO.o binary packages into Slackware packages for installation.
> So, I too am in the class of Linux users who download the binary OO.o and are left out
> in the cold with this new scary Apache policy.  It deeply concerns me that there is any "discussion"
> at all regarding Linux support.  Although it may not be intended, it appears to me that Apache
> is cutting off the *nix limb of the OO.o tree.  That does not bode well for us Linux users
> who have grown dependent on OO.o for maintaining our documents and, more importantly and more
> critical to me, our database forms and reports.  It makes me want to look for another Open
> Document office suite.  Instead of being loyal to OO.o (aka AOO now) maybe I should take another
> look at LO...
> 
> I will at least be watching this issue closely and how Apache reacts.
> 
> Girvin Herr
> 
> 
> 
> 
