
An odd vulnerability report for LibreOffice

Posted Oct 6, 2011 10:40 UTC (Thu) by mmeeks (subscriber, #56090)
Parent article: An odd vulnerability report for LibreOffice

> One hopes that the press release is not the first time that the OOo
> community is hearing about the vulnerability, but that seems to
> be the case

Of course not - it was disclosed (with patches) on the shared vulnerability mailing list; and at least one Apache Committer: Malte Timmerman was subscribed there.

> Perhaps the project was waiting until distributions were able to update
> their LO packages (albeit silently)

Of course - that is standard practice.

> There is no good reason that LO and AOO can't work together on
> security issues, regardless of any other friction there may be
> between the two.

Some co-ordination is of course reasonable, however LibreOffice has developers actively working in this area - which involves fixing innumerable bugs of various risks. Few of these have associated CVE + circus.



Rob Weir - "monitoring" list where the patches were posted 2+ months ago

Posted Oct 7, 2011 13:42 UTC (Fri) by mmeeks (subscriber, #56090)

Oh, and now I take a look at the public apache mail archive, I see this:

http://mail-archives.apache.org/mod_mbox/incubator-ooo-de...

from Rob Weir, and I quote:

"As I understand it now, the OpenOffice.org currently directs visitors
to report vulnerability reports to securityteam@openoffice.org. This
address is currently being monitored."

i.e. evidently, an AOO representative **was** added to the mailing list.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds