Hi :)
I think it would be good to post it here too.
It's unusual for LibreOffice to suffer anything like it. In almost any other program it wouldn't
have even been reported as it's so trivial. Just another patch for just another unlikely exploit.
You basically have to be passing the document backwards and forwards without changing formats
with someone you think of as reasonably friendly but who is actually fairly evil and who has a
fairly unusually high skill level and knowledge-base. I think the "not changing formats" part of
that is fairly unlikely at the moment. Their skill level is an issue too. Perhaps most people on
this list could do it fairly easily but the average skill level here is far higher than the vast
majority of office workers.
With LO or other OpenSource programs such things are rare enough that they become big News stories.
Regards from
Tom :)
--- On Fri, 23/3/12, Dennis E. Hamilton <dennis.hamilton@acm.org> wrote:
From: Dennis E. Hamilton <dennis.hamilton@acm.org>
Subject: RE: [libreoffice-users] CVE-2012-0337
To: users@global.libreoffice.org
Date: Friday, 23 March, 2012, 17:13
This was a common vulnerability in software having lineage from OpenOffice 3.x, where it was
introduced as part of support for features that are new in ODF 1.2.
I have provided an unofficial, personal analysis on the ooo-users list. See
<http://mail-archives.apache.org/mod_mbox/incubator-ooo-users/201203.mbox/%3c008c01cd08af$dd22b230$97681690$@acm.org%3e>.
(I considered posting that here, but wasn't sure if it would be seen as appropriate.)
- Dennis
-----Original Message-----
From: Nino Novak [mailto:nn.libo@kflog.org]
Sent: Friday, March 23, 2012 06:29
To: users@global.libreoffice.org
Subject: Re: [libreoffice-users] CVE-2012-0337
Hi Dan,
On Friday 23 March 2012, 08:53:54 Dan Lewis wrote:
On Fri, 2012-03-23 at 08:10 -0400, drew jensen wrote:
On Fri, 2012-03-23 at 07:55 -0400, Dan Lewis wrote:
... [vague security announcements]
What security issues? I'm not sure I know from what I read.
I tend to share your wish for a clearer information here.
Another thing that comes from trying to find this information: What
is a link that I can use to list my concerns or other comments about the
layout of the LO website?
As the project is self organized I'd suggest to raise your concerns in the
website[1] list. There's also a more formal procedure to file an issue in
bugzilla[2] (component WWW)
HTH Nino
[ ... ]
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
--
For unsubscribe instructions e-mail to: users+help@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.