Date: prev next · Thread: first prev next last
2012 Archives by date, by thread · List index


Hi :)
I think it would be good to post it here too.  

It's unusual for LibreOffice to suffer anything like it.  In almost any other program it wouldn't 
have even been reported as it's so trivial.  Just another patch for just another unlikely exploit.  
You basically have to be passing the document backwards and forwards   without changing formats 
with someone you think of as reasonably friendly but who is actually fairly evil and who has a 
fairly unusually high skill level and knowledge-base.  I think the "not changing formats" part of 
that is fairly unlikely at the moment.  Their skill level is an issue too.  Perhaps most people on 
this list could do it fairly easily but the average skill level here is far higher than the vast 
majority of office workers.  

With LO or other OpenSource programs such things are rare enough that they become big News stories. 
 
Regards from
Tom :)


--- On Fri, 23/3/12, Dennis E. Hamilton <dennis.hamilton@acm.org> wrote:

From: Dennis E. Hamilton <dennis.hamilton@acm.org>
Subject: RE: [libreoffice-users] CVE-2012-0337
To: users@global.libreoffice.org
Date: Friday, 23 March, 2012, 17:13

This was a common vulnerability in software having lineage from OpenOffice 3.x, where it was 
introduced as part of support for features that are new in ODF 1.2.

I have provided an unofficial, personal analysis on the ooo-users list.  See 
<http://mail-archives.apache.org/mod_mbox/incubator-ooo-users/201203.mbox/%3c008c01cd08af$dd22b230$97681690$@acm.org%3e>.
  (I considered posting that here, but wasn't sure if it would be seen as appropriate.)

 - Dennis



-----Original Message-----
From: Nino Novak [mailto:nn.libo@kflog.org] 
Sent: Friday, March 23, 2012 06:29
To: users@global.libreoffice.org
Subject: Re: [libreoffice-users] CVE-2012-0337

Hi Dan,

On Friday 23 March 2012, 08:53:54 Dan Lewis wrote:
On Fri, 2012-03-23 at 08:10 -0400, drew jensen wrote:
On Fri, 2012-03-23 at 07:55 -0400, Dan Lewis wrote:

  ...  [vague security announcements]
      What security issues? I'm not sure I know from what I read.

I tend to share your wish for a clearer information here.


      Another thing that comes from trying to find this information: What
is a link that I can use to list my concerns or other comments about the
layout of the LO website?

As the project is self organized I'd suggest to raise your concerns in the 
website[1] list. There's also a more formal procedure to file an issue in 
bugzilla[2] (component WWW) 

HTH Nino

[ ... ]


-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.