On Thu, Mar 22, 2012 at 5:47 PM, Rob Weir <[email protected]> wrote: > We need a few things: > > 1) Someone to build the patch > (http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt) > > 2) Someone to create install instructions for the patch > > 3) One or more people to test the patch > > 4) Someone to update the website and send out an announcement > > > #1 is actually a lot easier than it sounds. If you can build AOO 3.4 > under Linux then you probably are already building the patched file. > We might even just extract the relevant library from a dev snapshot > install. But we need to consider what variations we need, 32 versus > 64, etc. > > For #2 I have the source for the existing install instructions. I'm > happy to share with anyone who wants to update the instructions and > screenshots for Linux users. > > For #3, I'm sure many of us can help. We have a proof of concept file > that shows the exploit that we can test against, but we need to take > extreme measures to ensure that filed is not publicly disclosed. > > For #4, I am happy to help with the digital signature and staging to > the mirrors, etc. Updating the webpage is really easy, using the > Apache CMS. > > Anyone care to volunteer for some of these tasks? > > -Rob
I can look at #1 and 2. it would make sense for these things each to have more than 1 person per task, IMO. Wolf -- This Apt Has Super Cow Powers - http://sourcefreedom.com Advancing Libraries Together - http://LYRASIS.org
