On Fri, 2019-08-09 at 21:38 -0700, Derek Currie wrote: > A further patch was supposed to be applied in version > 6.3.4 this week. > And yet there is no record in the release notes of that patch. > Instead, there is an incorrect listing that CVE-2019-9848 was patched > in v6.2.5.2, which has been published to not be the case.
It is not incorrect to state that CVE-2019-9848 was patched in 6.2.5.2, but it is fair to state that it turns out the solution is not totally sufficient and there is an additional problem with the solution. A new advisory will be issued with a new CVE number for the follow-up issue when the solution is ready. We're working on making it available. -- To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy
