Hello from GB
I am sorry to disturb you with a subject which is probably not what you are
after at the moment
Found you in the development section.
My question is worth considering and forwarding to the ad hoc development
team.
Congratulation to the extraordinary achievement of 300 M + downloads
Can I take this mail for the opportunity to make a suggestion of including
.docx in the compatible formats in Writer. It is very often that we receive
this format from people and the conversion to .doc Microsoft 97/2000/XP
(which is the nearest format available) is not right and produce some
glitches.
It might be some work until that is possible, but it is to be considered as
a major positive point for MS users to rejoin our community.
I would be glad if you forward this request to the development team who is
in charge.
Also recommend them to carry on testing compatibility with using Windows as
I had a major freezing - making the cursor disappear and all functions
inoperative – not identified the cause and needed a full re-installation
from scratch (very
unfortunate)
Congratulation again
Alain Dufour
A user for many years and a believer in free source
-----Message d'origine-----
From: Dave Fisher
Sent: Wednesday, November 11, 2020 12:35 AM
To: annou...@apache.org ; secur...@openoffice.apache.org
Cc: annou...@openoffice.apache.org ; dev ; Imre Rad
Subject: [CVE-2020-13958] Apache OpenOffice - Unrestricted actions leads to
arbitrary code execution in crafted documents
CVE-2020-13958 Unrestricted actions leads to arbitrary code execution in
crafted documents
Fixed in Apache OpenOffice 4.1.8
Description
A vulnerability in Apache OpenOffice scripting events allows an attacker to
construct
documents containing hyperlinks pointing to an executable on the target
users file system.
These hyperlinks can be triggered unconditionally. In fixed versions no
internal protocol
may be called from the document event handler and other hyperlinks require a
control-click.
Severity: Low
There are no known exploits of this vulnerability.
A proof-of-concept demonstration exists.
Vendor: The Apache Software Foundation
Versions Affected
Apache OpenOffice 4.0.0, 4.0.1, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5,
4.1.6, and 4.1.7
OpenOffice.org versions may also be affected.
Mitigation
Install Apache OpenOffice 4.1.8 for the latest maintenance and cumulative
security fixes.
Use the Apache OpenOffice download page
(https://www.openoffice.org/download/).
Acknowledgments
The Apache OpenOffice Security Team would like to thank Imre Rad for
discovering and
reporting this attack vector.
Further Information
For additional information and assistance, consult the Apache OpenOffice
Community Forums
(https://forum.openoffice.org) or make requests to the
us...@openoffice.apache.org
(mailto:us...@openoffice.apache.org) public mailing list.
The latest information on Apache OpenOffice security bulletins can be found
at the
Bulletin Archive page (https://www.openoffice.org/security/bulletin.html).
--
L'absence de virus dans ce courrier électronique a été vérifiée par le logiciel
antivirus Avast.
https://www.avast.com/antivirus
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org
