On 02/13/2008 07:20 AM, David B Teague wrote: > Dan wrote: >> On Wednesday 13 February 2008 06:43:21 David B Teague wrote: >> >>> Secunia PCI classed the version of OO.o I have installed, 2.3.1, as >>> "insecure" and connected me to the OO.o downloads page. >>> >>> <SNIP> >>> >>> Questions: >>> >>> How severe is the security problem with 2.3.1? >>> Is there a more secure OO.o yet stable version out there? >>> If you recommend a later version, where do I find it? >> Maybe the first thing you should do is to contact Secunia PCI to find out >> why they consider OpenOffice.org "insecure". As far as I know, there have >> been very few security problems found in OOo, and they have been fixed >> fairly >> quickly. One of these problems concerned something that was discovered "in >> the lab", and it was fixed before it got out into the wild. >> > Dan, > > I had clicked the "download update" link in the Secunia page, where it > showed OO.o 2.3.1 as insecure, but not installed the "newer" version. > So, before checking back with Secunia as to why OO.o is insecure, I > rescanned my system with Secunia PCI. Now it calls OO.o 2.3.1 a secure > "Patched" version, and I cannot seem to get the "insecure" result again. > I wonder if it recorded my visit to the OO.o downloads page as having > fixed the problem. > > I now have some reservations about this piece of software. >
Secunia's own status page on OOo: http://secunia.com/product/6157/?task=advisories_2008 <quote> Secunia has issued a total of 0 Secunia advisories in 2008 for OpenOffice.org 2.x. Currently, 0% (0 out of 0) are marked as Unpatched. </quote> If you look at their 2007 page: http://secunia.com/product/6157/?task=advisories_2007 All are fixed, however they show one partially fixed: http://secunia.com/advisories/24588/ Perhaps that is what they are triggering on. But even there they are unclear: <quote> This affects 2.x versions prior to 2.2 only. . . . Solution: Update to version 2.2 or apply patches. </quote> You can view OOo security bulletins here: http://www.openoffice.org/security/bulletin.html --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
