On 13/12/2011 Michael Meeks wrote:
On Mon, 2011-12-12 at 16:14 +0100, Andrea Pescetti wrote:
http://cgit.freedesktop.org/libreoffice/core/commit/?id=cf5d0e20f2ba5a71f9ca2ed78a1b24841c97bb06
... it doesn't seem particularly hidden...
Sure - that is because this CVE is already public, presumably because
the bug it is related to is also public cf.
https://bugzilla.redhat.com/show_bug.cgi?id=765812 and associated links.
In the CVE database it isn't public yet:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4599
But indeed both Caolán and Red Hat have enough experience and reputation
in handling issues to make it unlikely that this is a dangerous or
careless disclosure. I'm confident that, if the issue affects
OpenOffice.org or Apache OpenOffice too, it has been notified to the
appropriate lists.
Regards,
Andrea.