On Mon, Mar 26, 2012 at 7:08 PM, Kazunari Hirano <[email protected]> wrote:
> Hi Rob, > > Thanks. > Apache OpenOffice (Incubating) provides CVE-2012-0037 patch for > OpenOffice.org 3.3.0. > Should we also provide CVE-2011-2713 patch for OpenOffice.org 3.3.0? > > I don't believe so, because CVE-2011-2713 is not a security issue. It is just a crash. -Rob > Thanks, > khirano > > On Tue, Mar 27, 2012 at 7:46 AM, Rob Weir <[email protected]> wrote: > > On Sun, Mar 25, 2012 at 9:11 PM, Kazunari Hirano <[email protected]> > wrote: > > > >> Hi all, > >> > >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713 > >> > >> Do we have a patch for this? > >> > >> > > More info on this issue here: > > > > https://bugzilla.redhat.com/show_bug.cgi?id=725668 > > > > Note that it was downgraded from a security vulnerability to an ordinary > > crash. Of course, it would be nice if we did not crash when loading a > > corrupt DOC file. > > > > I've sent a note to Huzaifa Sidhpurwala at RedHat, who discovered the > issue > > originally, to see if he has a test file we can use to see if AOO 3.4 has > > the issue as well. > > > > -Rob > > > > > >> Thanks, > >> khirano > >> -- > >> [email protected] > >> Apache OpenOffice (incubating) > >> http://incubator.apache.org/openofficeorg/ > >> > > > > -- > [email protected] > Apache OpenOffice (incubating) > http://incubator.apache.org/openofficeorg/ >
