I use both LO and OOo. Recently Apache on its user mailing list mentioned the CVE-2012-0037 security issue by name which affects both. Information about this seems to be hidden or at least hard to find. The only thing on the home page of LO is in the Blog announcement of 3.4.6 and a potential security fix. To get further information, another member of the mailing list ([email protected]) mentioned looking at the Release notes. Some more information, but still vague. Finally, someone on the list gave me a link to the Advisory page. My limited experience with security issues (mostly from AV problems for the Windows OS) is that security issues are given a name, CVE-2012-0037 in this case. In fact the Advisory page does do this, but the other places that I was able to go with helpful links from others didn't. The Release notes page was also vague. 3.4.6 fixes a potential security issue. (What issue? Is this teh CVE-2012-0037, or is there another resent security issue that I did not know about?) The 3.5.1 release note was even more vague. Safety wise, it fixes everything that is fixed in OO.o 3.3.0. Still no mentions of what the security issue is that has been fixed. My problem was that given the design of the website, I have no idea of where to look for the information using the links available on the home page. I wonder how many others don't know either. I am not subscribed to this mailing list as I do not regular discuss issues of web design of the LO website.
-Dan -- Unsubscribe instructions: E-mail to [email protected] Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.libreoffice.org/global/website/ All messages sent to this list will be publicly archived and cannot be deleted
