Return-Path: X-Original-To: apmail-incubator-ooo-users-archive@minotaur.apache.org Delivered-To: apmail-incubator-ooo-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B206A92E6 for ; Sun, 29 Apr 2012 21:15:15 +0000 (UTC) Received: (qmail 58627 invoked by uid 500); 29 Apr 2012 21:15:15 -0000 Delivered-To: apmail-incubator-ooo-users-archive@incubator.apache.org Received: (qmail 58587 invoked by uid 500); 29 Apr 2012 21:15:15 -0000 Mailing-List: contact ooo-users-help@incubator.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: ooo-users@incubator.apache.org Delivered-To: mailing list ooo-users@incubator.apache.org Received: (qmail 58579 invoked by uid 99); 29 Apr 2012 21:15:15 -0000 Received: from minotaur.apache.org (HELO minotaur.apache.org) (140.211.11.9) by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Apr 2012 21:15:15 +0000 Received: from localhost (HELO localhost) (127.0.0.1) (smtp-auth username arielch, mechanism plain) by minotaur.apache.org (qpsmtpd/0.29) with ESMTP; Sun, 29 Apr 2012 21:15:15 +0000 Date: Sun, 29 Apr 2012 18:15:16 -0300 From: Ariel Constenla-Haile To: ooo-users@incubator.apache.org Subject: Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability Message-ID: <20120429211516.GB3827@localhost> References: <20120423210059.GA23187@localhost> <20120424105049.GA418@localhost> <20120429201436.GA13618@localhost> <20120429210939.GA3827@localhost> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="wzJLGUyc3ArbnUjN" Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.21 (2010-09-15) --wzJLGUyc3ArbnUjN Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sun, Apr 29, 2012 at 05:11:30PM -0400, Rob Weir wrote: > >> > I am not sure if anyone has been able to reproduce the issue on Linux > >> > with OOo 3.3. May be we can give you the file to test it, it would be > >> > nice to have someone else testing it. If someone knows we are able t= o do > >> > so, please let us know. > >> > > >> > >> Absolutely not. =A0The test exploit file must *not* be shared. > > > > That's what I guessed. So how will we proceed? I couldn't reproduce the > > exploit in any of the three distros I tried, OOo 3.3 only crashes but > > does not exploit as expected. > > >=20 > This the kind of thing we should probably discuss on the ooo-security lis= t. Ok, I'll move the discussion there. Regard Regardss --=20 Ariel Constenla-Haile La Plata, Argentina --wzJLGUyc3ArbnUjN Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJPna9kAAoJEMjP1bm45QNWfDMP/RmQR1RsMQ6rki6Z4qotmC/a g1odHKuEwOgy26ePBTFcRoMG7Vk02y7zXBwaZXgF6dZtA6KGLdsPXHx273u0UmoT 83ynkmmr2D9SDOF28jg60CHM7Up9ksJ9S/4z1DAnkjCUK0ur1QKiC7wDlci4v67H nmPS7P+3zyEofeDnQarzcg6yNavPJK1x8vAiPYB6vqcmcPqiBhwU5M9tZNJ34Aag ONCSw/JAbM0rWESsGWE81xQlQPBAdDOgH8LZTS984YmC2alJLQB1kBCrChn+aw0F jYdeWKjdj6lrJWxZIimQeuJfqbCkgvy2eUhB/3KWCZxip3Fu9IEZx/Y2SpReyc5q mi5w17908mRiKq5yx6DkxbTRrvwMRqXDvDgvo0ob6lqgQQiPAFCh2MKgXYreibEa M92DXbSfLLvzHWm4bncyr/DuSqyNx9gZmPdqvS0xqlqsF+VdSGYVlCha+0h0X+6c CSNrfF0hT3Tmz0vCYPJm8O3IrYFrkNS2okGNpM9UhinY34/BaoDiahUZFW6+jlc+ zaAfhc/B1DO55BxoOMsYpaPaSkoNTI58yL8G02d3FvX7MethHRUU925uVXjc2bQH oLCSId+hGBpm5A/e/dukuMez7LjNFHsxQ3L9Un1zoNRQPcsm/kfPfcL5TH4+/O09 5t7dyaKx4g0syPopKNhS =VTXr -----END PGP SIGNATURE----- --wzJLGUyc3ArbnUjN--