Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Dennis E. Hamilton <orcmid <at> apache.org>
Subject: RE: Vulnerability fixed in LibreOffice
Newsgroups: gmane.comp.apache.incubator.ooo.devel
Date: Wednesday 5th October 2011 20:21:59 UTC (over 5 years ago)
[bcc: [email protected], [email protected]]

That information concerning an ApacheOOo representative on 
[email protected] is apparently inaccurate.  Or 
else there is a breakdown in the vulnerability being 
communicated to ApacheOOo.

However, since the patch has been made, the CVE and supporting
details should now be available somewhere public.  Also, the
report refers to "some additional security patches and fixes"
without mention of any CVEs.  It would be good to know what 
that is about.

The LibreOffice 3.4.3 Release Notes provide no clue:
< http://wiki.documentfoundation.org/Releases/3.4.3_info_about_fixes>.

I did find two CVEs here:
< http://www.libreoffice.org/advisories/>

The CVE list has not been updated yet:
< http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713>

I trust this is the last time that either of our projects learn about 
something like this in a press release.


 - Dennis

-----Original Message-----
From: Simon Phipps [mailto:[email protected]] 
Sent: Wednesday, October 05, 2011 12:49
To: [email protected]
Subject: Re: Vulnerability fixed in LibreOffice

I've investigated and I am informed by one of the LO developers:
> The initial report was sent to [email protected] on
> 25-07-2011, the assigned CVE id was cc'ed there somewhat later on. I
> posted the 5 patches which in combination would fix it to the list as
> well. I was informed an ApacheOOo representative had joined the list.
 

On 5 Oct 2011, at 20:40, Dennis E. Hamilton wrote:

> [bcc to [email protected]]
> 
> It is difficult to tell from a press release what the details of security
fixes are.  
> 
> 
> -----Original Message-----
> From: FR web forum [mailto:[email protected]] 
> Sent: Wednesday, October 05, 2011 10:15
> 
> Good morning,
> 
> TDF has published a fix for LibO: http://wp.me/p1byPE-bQ
> 
> Do you know if OOo is impacted too?
> 
> Thank you
>
 
CD: 4ms