CVE-2021-41832: Apache OpenOffice: Content Manipulation with Certificate Validation Attack
Severity: moderate Description: It is possible for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory. Credit: Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
CVE-2021-41831: Apache OpenOffice: Timestamp Manipulation with Signature Wrapping
Severity: moderate Description: It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory. Credit: Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
CVE-2021-41830: Apache OpenOffice: Double Certificate Attack
Severity: high Description: It is possible for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. Credit: Apache OpenOffice would like to thank Simon Rohlmann, Vladislav Mladenov, Christian Mainka, and Jorg Schwenk of Ruhr University Bochum, Germany - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: OO disappears, forcing people to Libre & then reemerges as Apache...
Hi - > On Oct 10, 2021, at 9:18 AM, joseph dingler > wrote: > > Hello All, > > Not sure I want to drown in all the drama/politics over at Oracle and how you > acquired OO; Oracle donated OpenOffice.org to the Apache Software Foundation over ten years ago. As far as I know no one in the community is paid for their support of Apache OpenOffice, we are completely volunteer. > but I would assume that you have a non-compete or other arrangement > prohibiting you from 'giving-away' solaris or BSD compatible/ported OO?? Anyone member is welcome to produce a Solaris version of Apache OpenOffice. We had a member of our community who did so early on, but does no longer. About Porting: https://www.openoffice.org/porting/index.html Out of date information about Solaris: https://www.openoffice.org/tools/dev_docs/build_solaris.html and https://wiki.openoffice.org/wiki/Documentation/Building_Guide The Apache License v2 (AL2) is compatible with BSD. Unfortunately, LibreOffice has chosen a license which is not compatible with Apache Release Policy. That’s their choice. > I have 2 main questions that I'm needing of you? > > First and generally speaking; OO current version is 4.1 & Libre is 7.1, are > you really that far behind because Oracle didn't dev OO or did you just adopt > all their dev and just continue as your release versions? We prefer to remain stable and have taken a different approach to versioning. We are on our 12th version of 4.1 which is 4.1.11. We are also working on a 4.2 line which is only available as a developer testing build. > Second, as the entire Linux Community have become FLAMING systemd-sexuals - > while it is completely puzzling how there is such agreement about something > as controversial as systemd -; among the TWO MILLION lines of un-audited code > has suffered it's first crippling handicap... it appears that unix flavors > are going to begin getting an infusion of interest, from mass exodus from the > POXIS abomination... What are your intentions of a BSD/Open Indiana/Open > Solaris install? We provide both DEB and RPM installs for Linux systems. We will be providing AL2 licensed product only as we are a project of The Apache Software Foundation - https://www.apache.org See this blog post for an excellent description of the Foundation’s mission. https://blogs.apache.org/foundation/entry/the-apache-way-to-sustainable We would welcome and support anyone who wants to resurrect and support an Open Indiana/Open Solaris build. We are all volunteers who are working where they please. > > The 2nd question is of pressing importance, as I'mn looking into putting some > development into a Unix Desktop & needing productivity tools to come standard > in the distro. If you’d like to join the developer list and discuss how OpenOffice could fit your plans please join d...@openoffice.apache.org by sending an email to dev-subscr...@openoffice.apache.org We are non-political regarding platform politics so you should leave your rants behind. HTH, Dave > > > > Joseph Dingler > > “If you take care of your people, your people will take care of your > customers and your business will take care of itself.” ~ J.W. Marriott - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: OO disappears, forcing people to Libre & then reemerges as Apache...
I'm not going to attempt to address the licensing issues that you bring up, but let me mention something about versioning. Version numbers are rather arbitrary, and if you want to know if something is far behind or not, instead, look at the feature set of the two versions. Don't just assume that because one product is version 7 and one product is version 2, that one of them is more advanced than the other. And don't take any of those version numbers is being meaningful in any way that I just quoted. I use Fedora Linux that I think has a version release cycle of every 9 months. So I will soon be installing version 35 I think. I'm sorry I don't have a comparison list between the two and since I don't really have access to a computer besides my phone I can't even search for one. If you do find one or make a decision interested in what you find best of luck. Get BlueMail for Android On Oct 10, 2021, 12:18 PM, at 12:18 PM, joseph dingler wrote: >Hello All, > >Not sure I want to drown in all the drama/politics over at Oracle and >how you acquired OO; but I would assume that you have a non-compete or >other arrangement prohibiting you from 'giving-away' solaris or BSD >compatible/ported OO?? I have 2 main questions that I'm needing of you? > > >First and generally speaking; OO current version is 4.1 & Libre is 7.1, >are you really that far behind because Oracle didn't dev OO or did you >just adopt all their dev and just continue as your release versions? > >Second, as the entire Linux Community have become FLAMING >systemd-sexuals - while it is completely puzzling how there is such >agreement about something as controversial as systemd -; among the TWO >MILLION lines of un-audited code has suffered it's first crippling >handicap... it appears that unix flavors are going to begin getting an >infusion of interest, from mass exodus from the POXIS abomination... >What are your intentions of a BSD/Open Indiana/Open Solaris install? > >The 2nd question is of pressing importance, as I'mn looking into >putting some development into a Unix Desktop & needing productivity >tools to come standard in the distro. > > > >Joseph Dingler > >“If you take care of your people, your people will take care of your >customers and your business will take care of itself.” ~ J.W. Marriott >
OO disappears, forcing people to Libre & then reemerges as Apache...
Hello All, Not sure I want to drown in all the drama/politics over at Oracle and how you acquired OO; but I would assume that you have a non-compete or other arrangement prohibiting you from 'giving-away' solaris or BSD compatible/ported OO?? I have 2 main questions that I'm needing of you? First and generally speaking; OO current version is 4.1 & Libre is 7.1, are you really that far behind because Oracle didn't dev OO or did you just adopt all their dev and just continue as your release versions? Second, as the entire Linux Community have become FLAMING systemd-sexuals - while it is completely puzzling how there is such agreement about something as controversial as systemd -; among the TWO MILLION lines of un-audited code has suffered it's first crippling handicap... it appears that unix flavors are going to begin getting an infusion of interest, from mass exodus from the POXIS abomination... What are your intentions of a BSD/Open Indiana/Open Solaris install? The 2nd question is of pressing importance, as I'mn looking into putting some development into a Unix Desktop & needing productivity tools to come standard in the distro. Joseph Dingler “If you take care of your people, your people will take care of your customers and your business will take care of itself.” ~ J.W. Marriott
Re: Printing
Ooops! That was for LO. ___ For AOO, use: Format > Print Ranges > Define. On 10/10/2021 9:39 AM, Vince@Verizon wrote: C.: Have you defined the Print Range? Data > Define Range. First, give it a range name, then adjust the range to include your desired printed range for that sheet. VinceB. On 10/9/2021 2:20 PM, cmc1...@minburncomm.net wrote: Hello, �I have created an autoformatted spreadsheet using openoffice. I have named this spreadsheet but am not able to print it. How do I do this? C. Carlton
Re: Printing
C.: Have you defined the Print Range? Data > Define Range. First, give it a range name, then adjust the range to include your desired printed range for that sheet. VinceB. On 10/9/2021 2:20 PM, cmc1...@minburncomm.net wrote: Hello, �I have created an autoformatted spreadsheet using openoffice. I have named this spreadsheet but am not able to print it. How do I do this? C. Carlton
