Re: [REPORT] CVE-2016-1513 Security Advisory

2016-09-01 Thread Marcus

Great to see that this issue is solved finally.

Thanks to everyone who was involved. I want to express a special thanks 
to the developers Patricia, Damjan and Ariel for creating the binary 
files and Dennis for his coordination.


:-)

Marcus



Am 08/30/2016 05:46 PM, schrieb Dennis E. Hamilton:

[BCC PMC]

Today, Version 2.0 of the Advisory for CVE-2016-1513 has been issued.

There is now general availability of a Hotfix that can be downloaded and 
applied to installations of Apache OpenOffice 4.1.2.  The Hotfix details can be 
found at
.

Please review the README instructions before deciding to download and apply the 
Hotfix.

  - Dennis


-Original Message-
From: Dennis E. Hamilton [mailto:orc...@apache.org]
Sent: Thursday, July 21, 2016 09:43
To: dev@openoffice.apache.org
Subject: [REPORT] CVE-2016-1513 Security Advisory

[BCC AOO Users; BCC AOO PMC]

Today, advisory CVE-2016-1513 has been published with regard to
disclosure of a potentially-exploitable defect in crafted Impress
documents.  The advisory can be found at
.

There is no updated release at this time.  There is action underway.  We
can now discuss those actions and also seek assistance in the wider
community.


[ ... ]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



RE: [REPORT] CVE-2016-1513 Security Advisory

2016-08-30 Thread Dennis E. Hamilton


> -Original Message-
> From: Rodrigo Marin-Rogers [mailto:rodmarog...@gmail.com]
> Sent: Tuesday, August 30, 2016 16:44
> To: annou...@openoffice.apache.org; orc...@apache.org
> Subject: Re: [REPORT] CVE-2016-1513 Security Advisory
> 
> Dear Dennis:
> 
>  The hotfix download and installation process is quite long and
> complicated for the general users who are not developers.  Why don't you
> just create a new version with the hotfix already included much easier
> to download.  I've lost several documents that showed as corrupt when I
> tried to reopen them,  then I suspected that something like this was
> happening, so I deleted them from my computer.
> 
>   Thank you for your kind concern,  Please let me know if you create
> such new version!
> 
> Truly yours,
> 
> 
> 
>   Rodrigo.
[orcmid] 

Thank you for the feedback, Rodrigo.

It may be months before there is a full update for Apache OpenOffice.  The 
hotfixes are for those able to make use of them in the meantime.  The reason we 
make the README files available to be read first is so folks can calibrate 
whether they want to go through it or not.

With regard to your document corruption experience, that is not the behavior 
associated with the CVE-2016-1513 vulnerability.  They were probably damaged in 
the Save process.  That is not unknown.

 - Dennis
> 
> 
> On Tue, Aug 30, 2016 at 9:46 AM, Dennis E. Hamilton  <mailto:orc...@apache.org> > wrote:
> 
> 
>   [BCC PMC]
> 
>   Today, Version 2.0 of the Advisory for CVE-2016-1513  1513>  has been issued.
> 
>   There is now general availability of a Hotfix that can be
> downloaded and applied to installations of Apache OpenOffice 4.1.2.  The
> Hotfix details can be found at
>   <http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html
> <http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html> >.
> 
>   Please review the README instructions before deciding to download
> and apply the Hotfix.
[ ... ]



-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org



RE: [REPORT] CVE-2016-1513 Security Advisory

2016-08-30 Thread Dennis E. Hamilton
[BCC PMC]

Today, Version 2.0 of the Advisory for CVE-2016-1513 has been issued.

There is now general availability of a Hotfix that can be downloaded and 
applied to installations of Apache OpenOffice 4.1.2.  The Hotfix details can be 
found at 
.

Please review the README instructions before deciding to download and apply the 
Hotfix.

 - Dennis

> -Original Message-
> From: Dennis E. Hamilton [mailto:orc...@apache.org]
> Sent: Thursday, July 21, 2016 09:43
> To: dev@openoffice.apache.org
> Subject: [REPORT] CVE-2016-1513 Security Advisory
> 
> [BCC AOO Users; BCC AOO PMC]
> 
> Today, advisory CVE-2016-1513 has been published with regard to
> disclosure of a potentially-exploitable defect in crafted Impress
> documents.  The advisory can be found at
> .
> 
> There is no updated release at this time.  There is action underway.  We
> can now discuss those actions and also seek assistance in the wider
> community.
> 
[ ... ]


-
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org