incubator-ooo-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From NoOp <>
Subject Re: CVE-2012-0037: data leakage vulnerability
Date Thu, 19 Apr 2012 00:55:35 GMT
On 03/23/2012 02:17 PM, Rob Weir wrote:
> On Fri, Mar 23, 2012 at 5:11 PM, Girvin R. Herr
> <> wrote:
>> Dave,
>> Thanks for the quick, encouraging response.
>> I thought this security patch was part of an Apache effort and sanction.  I
>> was not aware that it was produced by a 3rd party without Apache support.
> That's a logical leap without basis.  It is possible for a small group
> at Apache to have produced the patch and for there to be no policy
> against Linux.  In fact both statements are true.
> Remember, we're not a commercial software vendor. Apache is a
> non-profit, run by volunteers.  If volunteers wish to make a Linux
> patch, then they will.  And it appears they will.  We've certainly
> been building and testing OpenOffice 3.4 for Linux.  If there are
> volunteers for Solaris, BSD, OS/2 or whatever, those patches will also
> appear.  The Apache license allows anyone to take this code and build
> it on whatever platform they want.
>>  My apologies to all. I will still keep an eye on it, but I am relieved that
>> the Linux omission was not a result of Apache policy.
> Again, policy has nothing to do with this.

Really? Then perhaps you can tell us were to find the linux patch. It's
now April 18. AOO couldn't figure out a linux patch in all that time?

Is there a different mirror than:
with the linux patch(s)?

Seems pretty sad that AOO are unable to provide a linux patch when the
Windows and Mac patches were provided 21 March.  Makes one wonder if
Apache even plan to support linux AOO. Particularly given this statement:

"Linux and other platforms should consult their distro or OS vendor for
patch instructions."

on <>.

BTW: <> is
still showing:
(under review)
"** RESERVED ** This candidate has been reserved by an organization or
individual that will use it when announcing a new security problem. When
the candidate has been publicized, the details for this candidate will
be provided. "
Nor is there any mention of that CVE here:
So perhaps it really isn't something to worry about afterall.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message