You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@openoffice.apache.org by Kazunari Hirano <kh...@gmail.com> on 2012/03/26 03:11:07 UTC
CVE-2011-2713 patch?
Hi all,
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
Do we have a patch for this?
Thanks,
khirano
--
khirano@apache.org
Apache OpenOffice (incubating)
http://incubator.apache.org/openofficeorg/
Re: CVE-2011-2713 patch?
Posted by Rob Weir <ro...@apache.org>.
On Mon, Mar 26, 2012 at 7:08 PM, Kazunari Hirano <kh...@gmail.com> wrote:
> Hi Rob,
>
> Thanks.
> Apache OpenOffice (Incubating) provides CVE-2012-0037 patch for
> OpenOffice.org 3.3.0.
> Should we also provide CVE-2011-2713 patch for OpenOffice.org 3.3.0?
>
>
I don't believe so, because CVE-2011-2713 is not a security issue. It is
just a crash.
-Rob
> Thanks,
> khirano
>
> On Tue, Mar 27, 2012 at 7:46 AM, Rob Weir <ro...@apache.org> wrote:
> > On Sun, Mar 25, 2012 at 9:11 PM, Kazunari Hirano <kh...@gmail.com>
> wrote:
> >
> >> Hi all,
> >>
> >> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
> >>
> >> Do we have a patch for this?
> >>
> >>
> > More info on this issue here:
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=725668
> >
> > Note that it was downgraded from a security vulnerability to an ordinary
> > crash. Of course, it would be nice if we did not crash when loading a
> > corrupt DOC file.
> >
> > I've sent a note to Huzaifa Sidhpurwala at RedHat, who discovered the
> issue
> > originally, to see if he has a test file we can use to see if AOO 3.4 has
> > the issue as well.
> >
> > -Rob
> >
> >
> >> Thanks,
> >> khirano
> >> --
> >> khirano@apache.org
> >> Apache OpenOffice (incubating)
> >> http://incubator.apache.org/openofficeorg/
> >>
>
>
>
> --
> khirano@apache.org
> Apache OpenOffice (incubating)
> http://incubator.apache.org/openofficeorg/
>
Re: CVE-2011-2713 patch?
Posted by Kazunari Hirano <kh...@gmail.com>.
Hi Rob,
Thanks.
Apache OpenOffice (Incubating) provides CVE-2012-0037 patch for
OpenOffice.org 3.3.0.
Should we also provide CVE-2011-2713 patch for OpenOffice.org 3.3.0?
Thanks,
khirano
On Tue, Mar 27, 2012 at 7:46 AM, Rob Weir <ro...@apache.org> wrote:
> On Sun, Mar 25, 2012 at 9:11 PM, Kazunari Hirano <kh...@gmail.com> wrote:
>
>> Hi all,
>>
>> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
>>
>> Do we have a patch for this?
>>
>>
> More info on this issue here:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=725668
>
> Note that it was downgraded from a security vulnerability to an ordinary
> crash. Of course, it would be nice if we did not crash when loading a
> corrupt DOC file.
>
> I've sent a note to Huzaifa Sidhpurwala at RedHat, who discovered the issue
> originally, to see if he has a test file we can use to see if AOO 3.4 has
> the issue as well.
>
> -Rob
>
>
>> Thanks,
>> khirano
>> --
>> khirano@apache.org
>> Apache OpenOffice (incubating)
>> http://incubator.apache.org/openofficeorg/
>>
--
khirano@apache.org
Apache OpenOffice (incubating)
http://incubator.apache.org/openofficeorg/
Re: CVE-2011-2713 patch?
Posted by Rob Weir <ro...@apache.org>.
On Sun, Mar 25, 2012 at 9:11 PM, Kazunari Hirano <kh...@gmail.com> wrote:
> Hi all,
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2713
>
> Do we have a patch for this?
>
>
More info on this issue here:
https://bugzilla.redhat.com/show_bug.cgi?id=725668
Note that it was downgraded from a security vulnerability to an ordinary
crash. Of course, it would be nice if we did not crash when loading a
corrupt DOC file.
I've sent a note to Huzaifa Sidhpurwala at RedHat, who discovered the issue
originally, to see if he has a test file we can use to see if AOO 3.4 has
the issue as well.
-Rob
> Thanks,
> khirano
> --
> khirano@apache.org
> Apache OpenOffice (incubating)
> http://incubator.apache.org/openofficeorg/
>