Date: prev next · Thread: first prev next last
2011 Archives by date, by thread · List index


On 09/01/2011 11:08 AM, David H. Lipman wrote:
From: "Tom Davies" <tomdavies04@yahoo.co.uk>

Hi :)
Yes, those are the crucial points.
1.  It's mostly only Base that is affected by which version of java you are
using.  If you don't use Base you might even be able to stop LibreOffice from
trying to use java at all!
Tools - Options - LibreOffice - Java
and un-tick the tick-box at the top.  If you can do that then you might find
LibreOffice opens significantly faster.


2.  You can have more than one version of java on your machine.  Most apps will
try to use the newest version but you can force LibreOffice to choose one that
works better for LibreOffice
Tools - Options - LibreOffice - Java
So your web-browser can be nice and safe.

3.  I think the exploits would only work if contained inside a document that you
opened using LibreOffice?  ie after various anti-virus programs had nosed
around.


4.  Dependence on java is being slowly written out of LibreOffice to avoid this
problem in the future although it's probably going to take a long time to remove
it from Base completely!  I think  people are being steered away from Base
back-ends that might depend on java.


Regards from
Tom :)


In reference to #3, that is a faux conclusion.

JRE is installed into the OS and LO takes advantage of it in contrast to an application 
that includes JRE and uses it privately.

Take Adobe Acrobat Professional v9.x as an example.
It installs a private version of JRE that is used by Adobe Life Cycle Designer.
C:\Program Files\Adobe\Acrobat 9.0\Designer 8.2\jre\bin
Which is; 1.5.0_11-b03 (version 5 update 11)

That's is in contrast to the JRE distribution which is installed into the OS as a shared 
Java resource.
C:\Program Files\Java\jre6
C:\Program Files\Java\jre7

Thus it is available to Internet Browsers such as IE and Firefox and all one has to do is 
visit a web site that hosts malicious code that seeks out vulnerable versions of Oracle 
Java and subsequently exploit it.

You wrote in in #2...
"Tools - Options - LibreOffice - Java...So your web-browser can be nice and safe. "

Selecting which JRE to use in LO is exclusive to what the Internet Browser ultimately 
uses.


Well said.

In addition:
http://java.com/en/download/faq/remove_olderversions.xml

Let's also hope that 'webcracked' abides by Oracles license and in
particular:

====
7.  EXPORT  REGULATIONS.
C.  LICENSE TO DISTRIBUTE SOFTWARE
D.  LICENSE TO DISTRIBUTE REDISTRIBUTABLES
====

Personally I wouldn't want to be on the other side of Oracle's legal
office these days.




-- 
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.