[Libreoffice] Oracle Open Office Two Vulnerabilities -> any LibreOffice related problem?
Rene Engelhard
rene at debian.org
Wed Jan 19 06:58:53 PST 2011
Hi,
On Wed, Jan 19, 2011 at 03:46:27PM +0100, Rene Engelhard wrote:
> Already fixed. Don't find the commit anymore, but it was in a ooo-build
> patch and got merged over to libs-core (tools) and impress (sd).
>
> See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2935 and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2936
And before anyone screams about coordinated disclosure and wonders whether
OOo 3.2.1 is affected: yes, it is.
Was reported and at the time it was reported it was already public
(by Se. So all
distros updated their packages (see the references in the CVE links)
- and Oracle in their usual policy waits for the next release -
which is 3.3.0.. No idea when/whether/how they update
StarOffice/Oracle Open Office.
Grüße/Regards,
René
--
.''`. René Engelhard -- Debian GNU/Linux Developer
: :' : http://www.debian.org | http://people.debian.org/~rene/
`. `' rene at debian.org | GnuPG-Key ID: D03E3E70
`- Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70
More information about the LibreOffice
mailing list