[bcc: [email protected], [email protected]] That information concerning an ApacheOOo representative on [email protected] is apparently inaccurate. Or else there is a breakdown in the vulnerability being communicated to ApacheOOo.
However, since the patch has been made, the CVE and supporting details should now be available somewhere public. Also, the report refers to "some additional security patches and fixes" without mention of any CVEs. It would be good to know what that is about. The LibreOffice 3.4.3 Release Notes provide no clue: < http://wiki.documentfoundation.org/Releases/3.4.3_info_about_fixes>. I did find two CVEs here: < http://www.libreoffice.org/advisories/> The CVE list has not been updated yet: < http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713> I trust this is the last time that either of our projects learn about something like this in a press release. - Dennis -----Original Message----- From: Simon Phipps [mailto:[email protected]] Sent: Wednesday, October 05, 2011 12:49 To: [email protected] Subject: Re: Vulnerability fixed in LibreOffice I've investigated and I am informed by one of the LO developers: > The initial report was sent to [email protected] on > 25-07-2011, the assigned CVE id was cc'ed there somewhat later on. I > posted the 5 patches which in combination would fix it to the list as > well. I was informed an ApacheOOo representative had joined the list. On 5 Oct 2011, at 20:40, Dennis E. Hamilton wrote: > [bcc to [email protected]] > > It is difficult to tell from a press release what the details of security > fixes are. > > > -----Original Message----- > From: FR web forum [mailto:[email protected]] > Sent: Wednesday, October 05, 2011 10:15 > > Good morning, > > TDF has published a fix for LibO: http://wp.me/p1byPE-bQ > > Do you know if OOo is impacted too? > > Thank you >
