incubator-ooo-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Weir <robw...@apache.org>
Subject Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability
Date Fri, 23 Mar 2012 02:26:02 GMT
On Thu, Mar 22, 2012 at 9:32 PM, NoOp <glgxg@sbcglobal.net> wrote:
> On 03/22/2012 03:17 PM, Terry wrote:
>> This quote from the page mentioned by Rob:
>>
>> <quote>Linux and other platforms should consult their distro or OS
>> vendor for patch instructions.</quote>
>>
>> My distro doesn't support OpenOffice; most, I gather, don't.
> ...

This is good to know, very good in fact.  We were working on several
assumptions:

1) There were some users running OOo 3.3 on commercially supported LTS
Linux builds. In those cases we did not want to encourage the user to
mess with their files directly. It is important in those cases that
they get the patch from their vendor.

2) Other users would just be using the latest distro support, which in
most cases have silently switched OOo to LibreOffice.   Since
LibreOffice also fixed this same issue, such users would also get the
patch via their vendor's update mechanism.

What we did not know is the number of Linux users who uninstalled
LibreOffice and manually installed OOo 3.3 instead.  From the sounds
of it, there are many such users.  Me bad for missing that. But good
for the future of the project that there are so many with a preference
for OpenOffice.

>
> Even if they do, the patches are necessary and just as critical for
> linux users (and Solaris users) that have installed OOo directly from OOo:
> http://openoffice.org/download/other.html
>

If there is a developer maintaining the Solaris build then they are
free to provide a patch.  We've made the information available on
building it. And if they have questions they can ask on the ooo-dev
list.

> NoOp Wrote:
>> Where are the linux patches? I could only find Window and Mac:
>>
>> <http://www.eng.lsu.edu/mirrors/apache//incubator/ooo/3.3/patches/cve-2012-0037/>
> ...
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
> For additional commands, e-mail: ooo-users-help@incubator.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
For additional commands, e-mail: ooo-users-help@incubator.apache.org


Mime
View raw message