On Oct 5, 2011, at 1:21 PM, Dennis E. Hamilton wrote: > [bcc: [email protected], [email protected]] > > That information concerning an ApacheOOo representative on > [email protected] is apparently inaccurate. Or > else there is a breakdown in the vulnerability being > communicated to ApacheOOo.
Rather unfortunate as that seemed to be one area of co-operation. IMHO - It would make sense for someone to either immediately shutdown [email protected] or make it forward to [email protected]. If INFRA-3898 were completed we might have a chance until then ... Regards, Dave > > However, since the patch has been made, the CVE and supporting > details should now be available somewhere public. Also, the > report refers to "some additional security patches and fixes" > without mention of any CVEs. It would be good to know what > that is about. > > The LibreOffice 3.4.3 Release Notes provide no clue: > < http://wiki.documentfoundation.org/Releases/3.4.3_info_about_fixes>. > > I did find two CVEs here: > < http://www.libreoffice.org/advisories/> > > The CVE list has not been updated yet: > < http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713> > > I trust this is the last time that either of our projects learn about > something like this in a press release. > > > - Dennis > > -----Original Message----- > From: Simon Phipps [mailto:[email protected]] > Sent: Wednesday, October 05, 2011 12:49 > To: [email protected] > Subject: Re: Vulnerability fixed in LibreOffice > > I've investigated and I am informed by one of the LO developers: >> The initial report was sent to [email protected] on >> 25-07-2011, the assigned CVE id was cc'ed there somewhat later on. I >> posted the 5 patches which in combination would fix it to the list as >> well. I was informed an ApacheOOo representative had joined the list. > > > On 5 Oct 2011, at 20:40, Dennis E. Hamilton wrote: > >> [bcc to [email protected]] >> >> It is difficult to tell from a press release what the details of security >> fixes are. >> >> >> -----Original Message----- >> From: FR web forum [mailto:[email protected]] >> Sent: Wednesday, October 05, 2011 10:15 >> >> Good morning, >> >> TDF has published a fix for LibO: http://wp.me/p1byPE-bQ >> >> Do you know if OOo is impacted too? >> >> Thank you >> >
