You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by Rob Weir <ro...@apache.org> on 2013/06/21 14:31:29 UTC
[ANNOUNCEMENT] Javadoc HTML frame injection vulnerability and AOO SDK
We've published a security bulletin and patch for the Apache
OpenOffice 3.4.1 SDK.
Due to a flaw in JavaDoc generated API documentation, one of the files
in the 3.4.1 SDK is vulnerable to an HTML frame injection attack.
Details on the issue, and a patched HTML file, can be found here:
http://www.openoffice.org/security/cves/CVE-2013-1571.html
Note: this impacts only installations of the SDK. Normal end-user
installs of Apache OpenOffice are not impacted.
Regards,
Rob Weir
Apache OpenOffice Security Team
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org