Hi :) Yeh, the upgrade to 3.4.0 supposedly dealt with 1 security issue and i think there have been 1 or 2 upgrades since then that we were urged to do as a matter of some urgency for similar reasons. That makes about 2-4 in about 4 years. I'm not sure if macros featured in any besides the 1 mentioned. I never seemed to fall foul of the problems even though i didn't upgrade when told to, even on 'my' Windows machines.
Wrt Johnny Rosenburg's comment that macros are not 100% backwards compatible and ancient macros might not be 100% guaranteed to work in newer versions but it all works "pretty much". It seems there are changes that may affect some macros but these only happen quite a bit less often than security issues occur in the whole program/suite. Regards from Tom :) On 10 February 2015 at 18:26, jonathon <toki.kant...@gmail.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 10/02/15 14:47, Tom Davies wrote: > >> I've never heard of OpenOffice or LibreOffice macros being used as an attack >> vector > > At least one proof-of-concept extension was released. > At least one document with an included proof-of-concept macro was released. > > The upside of those proof of concept items, is that the user had to > deliberately click on something, for the payload to be delivered. > > > However, several years ago there was an article in a language related to > French, that implied that at least one "malware attack vector" using ODF > file formats was in the wild. (This article was several years after the > French ministry of Defence discussed security flaws in OOo, and was > referring to then-current events.) > > One of the Snowdon Papers implied that OOo security flaws were being > exploited, but it gave no details about what, where, or how it was being > done. > > That said, if one works in area where spear-phishing is a daily yawn, > the security model offered by OOo, and its derivatives, is harder to > breach than that offered by MSO. > > jonathon > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBAgAGBQJU2k1OAAoJEKG7hs8nSMR7SK4P/2L325ySLvZwvTi9tzH38M7f > cQKeDivmaxxnkKrtBz4EW2Jrz745irpHmwbSPp5s7EJNhEaGwSuNEuy3RMR+gf0M > Of4VdvQsHI74ndR0DkKakL7dh/Ki0cJUHR+agC8z+XB9+hU5Rq2RPtQ3fhvr9nyC > ExPgB6Dy+0jYIIarYdPH/iJ3I1k6QROubp+CmZS1de0rEN9/EJdAxo7F9n2TDJ1d > LmSBj0mwdzpTBKrwI6kXo4TAI6zvJ1FTls4J4PTu6+xeEZecjd3h5BfF/anAOHQv > eC2YqPJdDQnUzu7EURp9i1/+w2cdTybGA/H2AZlAH6g0ZoVLCTeyzRrMC1gLj9hy > xg5RCGwrJTIFNPzYXkrAmUF6yrzQwOXVIk7q77pz9KVpCokG5tgmFtH+4QPbyc5x > v1Fn+0OyQbZ1UVUrh+YKwVoS+wA3LNWCIgRrkbf64rYQcoeI4URKRuTKF8iPEwqp > u88QnLcytFDLI4KflQoH0f5s0TQEVlaSDgJU0hL2n7oZTJdu6hOPEB30Istok3KX > 0aebWn5p/+rYPPwXigqmlxKJkr0jtJn1SrUDiSO9OwHv4AS57NvFjPW4S1g3a/6K > cbVrEDj7pjCyQDayBlPquHdVynWYpi6DqoI4CXKI3sF+svGNuEgqe2HZOfW+c3jf > fLKrJB2Lh92IauoQ4rzE > =i6m+ > -----END PGP SIGNATURE----- > > -- > To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org > Problems? > http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ > Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette > List archive: http://listarchives.libreoffice.org/global/users/ > All messages sent to this list will be publicly archived and cannot be deleted -- To unsubscribe e-mail to: users+unsubscr...@global.libreoffice.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted