Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index


Hi,

On Wed, Jan 19, 2011 at 03:46:27PM +0100, Rene Engelhard wrote:
Already fixed. Don't find the commit anymore, but it was in a ooo-build
patch and got merged over to libs-core (tools) and impress (sd).

See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2935 and
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2936

And before anyone screams about coordinated disclosure and wonders whether
OOo 3.2.1 is affected: yes, it is.

Was reported and at the time it was reported it was already public
(by Se. So all
distros updated their packages (see the references in the CVE links)
- and Oracle in their usual policy waits for the next release -
which is 3.3.0.. No idea when/whether/how they update
StarOffice/Oracle Open Office.

Grüße/Regards,

René
-- 
 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  rene@debian.org | GnuPG-Key ID: D03E3E70
   `-   Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.