You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openoffice.apache.org by bu...@apache.org on 2013/08/01 19:16:02 UTC
svn commit: r872330 - in /websites/staging/ooo-site/trunk: cgi-bin/ content/
content/security/cves/CVE-2012-0037.html
content/security/cves/CVE-2013-1571.html
Author: buildbot
Date: Thu Aug 1 17:16:02 2013
New Revision: 872330
Log:
Staging update by buildbot for ooo-site
Modified:
websites/staging/ooo-site/trunk/cgi-bin/ (props changed)
websites/staging/ooo-site/trunk/content/ (props changed)
websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-0037.html
websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-1571.html
Propchange: websites/staging/ooo-site/trunk/cgi-bin/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Aug 1 17:16:02 2013
@@ -1 +1 @@
-1509171
+1509335
Propchange: websites/staging/ooo-site/trunk/content/
------------------------------------------------------------------------------
--- cms:source-revision (original)
+++ cms:source-revision Thu Aug 1 17:16:02 2013
@@ -1 +1 @@
-1509171
+1509335
Modified: websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-0037.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-0037.html (original)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2012-0037.html Thu Aug 1 17:16:02 2013
@@ -50,13 +50,13 @@ resources, an attacker would be able to
<p>OpenOffice.org 3.3.0 and 3.4 beta users can patch their installation with the following patches. Download, unzip and follow the instructions in the enclosed readme.pdf file.</p>
<ul>
- <li><a href="http://www.apache.org/dyn/closer.cgi/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip">For Windows installs</a>
-(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip.md5">MD5</a>)
-(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip.sha1">SHA1</a>)</li>
-
- <li><a href="http://www.apache.org/dyn/closer.cgi/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip">For MacOS installs</a>
-(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip.md5">MD5</a>)
-(<a href="http://www.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip.sha1">SHA1</a>)</li></li>
+ <li><a href="http://archive.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip">For Windows installs</a>
+(<a href="http://archive.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip.md5">MD5</a>)
+(<a href="http://archive.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-win.zip.sha1">SHA1</a>)</li>
+
+ <li><a href="http://archive.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip">For MacOS installs</a>
+(<a href="http://archive.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip.md5">MD5</a>)
+(<a href="http://archive.apache.org/dist/incubator/ooo/3.3/patches/cve-2012-0037/CVE-2012-0037-mac.zip.sha1">SHA1</a>)</li></li>
<li>Linux and other platforms should consult their distro or OS vendor for patch instructions.</li>
</ul>
@@ -70,7 +70,7 @@ We have provided MD5 and SHA1 hashes of
<p>
The MD5 and SHA1 hashes can be verified using Unix tools like sha1, sha1sum or md5sum.
<p>
-The PGP signatures can be verified using PGP or GPG. First download the <a href="http://www.apache.org/dist/incubator/ooo/KEYS">KEYS</a> file, as well as the asc signature file for the particular patch from above. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures as follows:
+The PGP signatures can be verified using PGP or GPG. First download the <a href="http://www.apache.org/dist/openoffice/KEYS">KEYS</a> file, as well as the asc signature file for the particular patch from above. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures as follows:
<p>
<code>
% pgpk -a KEYS <br>
Modified: websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-1571.html
==============================================================================
--- websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-1571.html (original)
+++ websites/staging/ooo-site/trunk/content/security/cves/CVE-2013-1571.html Thu Aug 1 17:16:02 2013
@@ -51,7 +51,7 @@ As reported on June 18th there is a <a h
<h4>Mitigation</h4>
<p>SDK users should update their installations by replacing /docs/java/ref/index.html with this
- <a href="http://www.apache.org/dyn/aoo-closer.cgi/incubator/ooo/3.4.1/source/cve-2013-1571.zip">patched version</a>.
+ <a href="http://archive.apache.org/dist/incubator/ooo/3.4.1/source/cve-2013-1571.zip">patched version</a>.
Download, unzip and follow the instructions in the enclosed README file.</p>
<p>Users with earlier versions of the SDK (pre 3.4.1) should <a href="http://www.download.openoffice.org/download/other.html#tested-sdk">upgrade to the current version</a> and then apply the patch. Alternative, they can download and run
@@ -62,13 +62,13 @@ As reported on June 18th there is a <a h
<h4>Verifying the Integrity of Downloaded Files</h4>
<p>
-We have provided <a href="http://www.apache.org/dist/incubator/ooo/3.4.1/source/cve-2013-1571.zip.md5">MD5</a> and <a href="http://www.apache.org/dist/incubator/ooo/3.4.1/source/cve-2013-1571.zip.sha256">SHA256</a> hashes of these patches,
- as well as a <a href="http://www.apache.org/dist/incubator/ooo/3.4.1/source/cve-2013-1571.zip.asc">GPG/PGP detached digital signature</a>, for those who wish to verify the
+We have provided <a href="http://archive.apache.org/dist/incubator/ooo/3.4.1/source/cve-2013-1571.zip.md5">MD5</a> and <a href="http://archive.apache.org/dist/incubator/ooo/3.4.1/source/cve-2013-1571.zip.sha256">SHA256</a> hashes of these patches,
+ as well as a <a href="http://archive.apache.org/dist/incubator/ooo/3.4.1/source/cve-2013-1571.zip.asc">GPG/PGP detached digital signature</a>, for those who wish to verify the
integrity of this file.
<p>
The MD5 and SHA256 hashes can be verified using Unix tools like md5sum or sha256sum.
<p>
-The PGP signatures can be verified using PGP or GPG. First download the <a href="http://www.apache.org/dist/incubator/ooo/KEYS">KEYS</a> file, as well as the asc signature file for the particular patch from above. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures as follows:
+The PGP signatures can be verified using PGP or GPG. First download the <a href="http://www.apache.org/dist/openoffice/KEYS">KEYS</a> file, as well as the asc signature file for the particular patch from above. Make sure you get these files from the main distribution directory, rather than from a mirror. Then verify the signatures as follows:
<p>
<code>
% pgpk -a KEYS <br>