This was a common vulnerability in software having lineage from OpenOffice 3.x, where it was introduced as part of support for features that are new in ODF 1.2.
I have provided an unofficial, personal analysis on the ooo-users list. See <http://mail-archives.apache.org/mod_mbox/incubator-ooo-users/201203.mbox/%[email protected]%3e>. (I considered posting that here, but wasn't sure if it would be seen as appropriate.) - Dennis -----Original Message----- From: Nino Novak [mailto:[email protected]] Sent: Friday, March 23, 2012 06:29 To: [email protected] Subject: Re: [libreoffice-users] CVE-2012-0337 Hi Dan, On Friday 23 March 2012, 08:53:54 Dan Lewis wrote: > On Fri, 2012-03-23 at 08:10 -0400, drew jensen wrote: > > On Fri, 2012-03-23 at 07:55 -0400, Dan Lewis wrote: > ... [vague security announcements] > What security issues? I'm not sure I know from what I read. I tend to share your wish for a clearer information here. > Another thing that comes from trying to find this information: What > is a link that I can use to list my concerns or other comments about the > layout of the LO website? As the project is self organized I'd suggest to raise your concerns in the website[1] list. There's also a more formal procedure to file an issue in bugzilla[2] (component WWW) HTH Nino [ ... ] -- For unsubscribe instructions e-mail to: [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/users/ All messages sent to this list will be publicly archived and cannot be deleted
