|| ||"Dennis E. Hamilton" <orcmid-AT-apache.org> |
|| ||<ooo-dev-AT-incubator.apache.org> |
|| ||RE: Vulnerability fixed in LibreOffice |
|| ||Wed, 5 Oct 2011 13:21:59 -0700|
|| ||Article, Thread
[bcc: firstname.lastname@example.org, email@example.com]
That information concerning an ApacheOOo representative on
firstname.lastname@example.org is apparently inaccurate. Or
else there is a breakdown in the vulnerability being
communicated to ApacheOOo.
However, since the patch has been made, the CVE and supporting
details should now be available somewhere public. Also, the
report refers to "some additional security patches and fixes"
without mention of any CVEs. It would be good to know what
that is about.
The LibreOffice 3.4.3 Release Notes provide no clue:
I did find two CVEs here:
The CVE list has not been updated yet:
I trust this is the last time that either of our projects learn about
something like this in a press release.
From: Simon Phipps [mailto:email@example.com]
Sent: Wednesday, October 05, 2011 12:49
Subject: Re: Vulnerability fixed in LibreOffice
I've investigated and I am informed by one of the LO developers:
> The initial report was sent to firstname.lastname@example.org on
> 25-07-2011, the assigned CVE id was cc'ed there somewhat later on. I
> posted the 5 patches which in combination would fix it to the list as
> well. I was informed an ApacheOOo representative had joined the list.
On 5 Oct 2011, at 20:40, Dennis E. Hamilton wrote:
> [bcc to email@example.com]
> It is difficult to tell from a press release what the details of security fixes are.
> -----Original Message-----
> From: FR web forum [mailto:firstname.lastname@example.org]
> Sent: Wednesday, October 05, 2011 10:15
> Good morning,
> TDF has published a fix for LibO: http://wp.me/p1byPE-bQ
> Do you know if OOo is impacted too?
> Thank you
to post comments)