Hi Rob, Thanks. Apache OpenOffice (Incubating) provides CVE-2012-0037 patch for OpenOffice.org 3.3.0. Should we also provide CVE-2011-2713 patch for OpenOffice.org 3.3.0?
Thanks, khirano On Tue, Mar 27, 2012 at 7:46 AM, Rob Weir <robw...@apache.org> wrote: > On Sun, Mar 25, 2012 at 9:11 PM, Kazunari Hirano <khir...@gmail.com> wrote: > >> Hi all, >> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713 >> >> Do we have a patch for this? >> >> > More info on this issue here: > > https://bugzilla.redhat.com/show_bug.cgi?id=725668 > > Note that it was downgraded from a security vulnerability to an ordinary > crash. Of course, it would be nice if we did not crash when loading a > corrupt DOC file. > > I've sent a note to Huzaifa Sidhpurwala at RedHat, who discovered the issue > originally, to see if he has a test file we can use to see if AOO 3.4 has > the issue as well. > > -Rob > > >> Thanks, >> khirano >> -- >> khir...@apache.org >> Apache OpenOffice (incubating) >> http://incubator.apache.org/openofficeorg/ >> -- khir...@apache.org Apache OpenOffice (incubating) http://incubator.apache.org/openofficeorg/