incubator-ooo-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: CVE-2012-0037: OpenOffice.org data leakage vulnerability
Date Thu, 19 Apr 2012 17:46:03 GMT
PS: On March 22, when notice of the CVE was made in various places (e.g., 
<http://lists.grok.org.uk/pipermail/full-disclosure/2012-March/086237.html>),
that information not only linked to the two available pre-build patches but also included
a link to this information on how to find the source code that could be adapted to patching
any other related release: 
<http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt>.

This is not an end-user Linux solution, but it is an available open-source solution.


-----Original Message-----
From: Dennis E. Hamilton [mailto:dennis.hamilton@acm.org] 
<http://mail-archives.apache.org/mod_mbox/incubator-ooo-users/201204.mbox/%3c003101cd1dd9$f63ddad0$e2b99070$@acm.org%3e>
Sent: Wednesday, April 18, 2012 20:10
To: ooo-users@incubator.apache.org
Subject: RE: CVE-2012-0037: OpenOffice.org data leakage vulnerability

[ ... ]
  
It is the case that a Linux patch has not been produced.  It is my understanding that it was
thought sufficient for the source code for the patch (which is ALv2 licensed) to end up being
built into Linux distributions as the part of Linux vendors making full builds for their custom
distributions.  When it was pointed out that many installations of OpenOffice.org on Linux
are downloaded and installed directly by end-users (and many Linux distributions include different
OpenOffice-lineage software [for which patched releases were already available]), there was
a call on ooo-dev for some Linux mavens to pitch in to pull together a patch for Linux.  I
think a few raised their hands.  I know of no further action.

[ ... ]


---------------------------------------------------------------------
To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
For additional commands, e-mail: ooo-users-help@incubator.apache.org


Mime
View raw message