[Libreoffice] Oracle Open Office Two Vulnerabilities -> any LibreOffice related problem?

Rene Engelhard rene at debian.org
Wed Jan 19 06:58:53 PST 2011


On Wed, Jan 19, 2011 at 03:46:27PM +0100, Rene Engelhard wrote:
> Already fixed. Don't find the commit anymore, but it was in a ooo-build
> patch and got merged over to libs-core (tools) and impress (sd).
> See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2935 and
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2936

And before anyone screams about coordinated disclosure and wonders whether
OOo 3.2.1 is affected: yes, it is.

Was reported and at the time it was reported it was already public
(by Se. So all
distros updated their packages (see the references in the CVE links)
- and Oracle in their usual policy waits for the next release -
which is 3.3.0.. No idea when/whether/how they update
StarOffice/Oracle Open Office.


 .''`.  René Engelhard -- Debian GNU/Linux Developer
 : :' : http://www.debian.org | http://people.debian.org/~rene/
 `. `'  rene at debian.org | GnuPG-Key ID: D03E3E70
   `-   Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70

More information about the LibreOffice mailing list