What's next for Apache OpenOffice
What's next for Apache OpenOffice
Posted Sep 8, 2016 17:22 UTC (Thu) by johannbg (guest, #65743)In reply to: What's next for Apache OpenOffice by servilio-ap
Parent article: What's next for Apache OpenOffice
I think everyone but ASF/AOO realize that they have already run out of time and if the bug handling is as was describe by seanyoung in a comment in this thread then those security vulnerabilities already exist since they aren't getting reported.
Posted Sep 8, 2016 17:54 UTC (Thu)
by cesarb (subscriber, #6266)
[Link]
What's next for Apache OpenOffice
It's worse than that. As I noted in the other thread (https://lwn.net/Articles/699108/), the vulnerability which started this discussion had been found and fixed on LO more than an year before it was reported to AOO. An attacker would just have to search the LO commits for the many ones marked as fixing issues reported by valgrind/coverity/etc; some of them will be vulnerabilities in OOo code inherited by both AOO and LO.