>Shouldn't a severe vulnerability notification have been sent to the >announce list? I mean, this is pretty serious. > We (I) were set to do that yesterday, then was informed by Martin Hollmichel that the patch needed still to go through final QA. It will be ready tomorrow, and we'll do the full honors--announce, homepage, etc.
best Louis >On 4/13/05, Deepankar Datta <[EMAIL PROTECTED]> wrote: >> OpenOffice Confirms Buffer Overflow Flaw >> ---------------------------------------- >> "The OpenOffice.org community on Tuesday confirmed the existence of a >> potentially serious heap-overflow vulnerability in its freely >> distributed office productivity suite." >> ... >> "We learned of this March 31 and will be working on it immediately. A >> patch is ready but it is still going through [quality assurance] >> testing," Suarez-Potts told eWEEK.com. The update is expected to be >> available for general download within two days." >> >> http://www.eweek.com/article2/0,1759,1785154,00.asp >> >> OpenOffice.org post: >> http://www.openoffice.org/issues/show_bug.cgi?id=46388 >> >> Further reporting: >> http://news.com.com/OpenOffice.org+details+vulnerability/2100-1002_3- 5669073.html?tag=nefd.top >> >> Send instant messages to your online friends http://uk.messenger.yahoo.com >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
