Debian & general comment
Posted Oct 5, 2011 21:47 UTC (Wed) by Curan
Parent article: An odd vulnerability report for LibreOffice
As of this writing, only Debian has released a security update to address the problem, and that fix is only for OOo as Debian hasn't had a release that contains LO.
Well, even though it isn't released yet as a stable release, the LO versions in testing and unstable aren't affected either as they are 3.4.3-1 and 3.4.3-3.
Apart from that I really don't like the communications style. Bugs, including security issues, should be made public immediately. It would help users and administrators to take appropriate actions, including being e.g. extra careful about opening files, that might trigger the bug. I hope all LO devs and/or TDF members won't do this again. Better name a bug and allow all to take precautions than leave everybody in the dark with the risk, that some malware developer stumbles across something like this and can take advantage of it.
to post comments)