This is an automated email from the ASF dual-hosted git repository.
marcus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
commit dfd872b77575986c829a647052d1c30915fc6838
Author: Marcus <mar...@apache.org>
AuthorDate: Fri Mar 24 15:40:01 2023 +0100
Security Bulletin for the Apache OpenOffice 4.1.14 Release
---
content/security/bulletin.html | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/content/security/bulletin.html b/content/security/bulletin.html
index b68b4761f4..f16b151801 100644
--- a/content/security/bulletin.html
+++ b/content/security/bulletin.html
@@ -19,6 +19,14 @@
subscribe to our <a href="alerts.html">security-alerts mailing
list</a>.</strong>
</p>
+ <h3>Fixed in Apache OpenOffice 4.1.14</h3>
+
+ <ul>
+ <li><a href="cves/CVE-2022-38745.html">CVE-2022-38745</a>: An empty class
path may lead to run arbitrary Java code</li>
+ <li><a href="cves/CVE-2022-40674.html">CVE-2022-40674</a>: "Use after
free" fixed in expat >= 2.4.9</li>
+ <li><a href="cves/CVE-2022-47502.html">CVE-2022-47502</a>: Macro URL
arbitrary script execution without warning</li>
+ </ul>
+
<h3>Fixed in Apache OpenOffice 4.1.13</h3>
<ul>
