openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Don Lewis <truck...@apache.org>
Subject Re: AOO 4.1.6-RC1 m1 r1844555
Date Fri, 26 Oct 2018 22:20:47 GMT
On 26 Oct, Don Lewis wrote:

> In addition the bundled version of nss has a bunch of CVEs.  Even the
> version in trunk has two I believe.  I spent most of a week trying to
> upgrade the trunk version and got a successful build on Windows, but
> haven't had time to test it, and my patches need further cleanup.  The
> big problems is that newer versions are C99 which the version of Visual
> C++ that we use for the Windows build does not support.  I also remember
> the pain that we went through to get this working properly when we did
> the previous trunk upgrade.  It is used for document signing.

nss-3.14.4 (in 4.1.5):
  CVE-2014-1561
  CVE-2014-1560
  CVE-2014-1559
  CVE-2014-1558
  CVE-2014-1557
  CVE-2014-1556
  CVE-2014-1555
  CVE-2014-1552
  CVE-2014-1551
  CVE-2014-1550
  CVE-2014-1549
  CVE-2014-1548
  CVE-2014-1547
  CVE-2014-1544

nss-3.25 (in trunk):
  CVE-2017-5462
  CVE-2017-5461

Upgrading to 3.25 looks like it would require merging r1753163,
r1753962, maybe r1799750, r1811598, and r1811604.  The latter two are Mac
fixes.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message