This is an automated email from the ASF dual-hosted git repository. marcus pushed a commit to branch main in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
commit 7102a35fa02f42c8e9c5e46e5b3a5b4fa50025b9 Author: Marcus <mar...@apache.org> AuthorDate: Sat May 15 17:59:08 2021 +0200 Updated text --- content/security/alerts.html | 55 ++++--- content/security/bulletin.html | 352 ++++++++++++++++++++--------------------- content/security/faq.html | 282 ++++++++++++++++++--------------- content/security/index.html | 110 +++++++------ 4 files changed, 420 insertions(+), 379 deletions(-) diff --git a/content/security/alerts.html b/content/security/alerts.html index 2e74a1e..9ed06ff 100644 --- a/content/security/alerts.html +++ b/content/security/alerts.html 
@@ -1,40 +1,43 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml"> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> - <title>Apache OpenOffice Security Alerts</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } + <style> + /*<![CDATA[*/ + hr { display: block } /*]]>*/ </style> </head> <body> - <h2>Apache OpenOffice Security Alerts</h2> - - <p>The Apache OpenOffice Security Team publishes details of security - vulnerabilities in our <a href="https://www.openoffice.org/security/bulletin.html">Security - Bulletin</a>.</p> - <p>We also publish these alerts via the project's announcement list, <em>announce</em>.</p> - - <p>If you would like to subscribe to the list, please send a blank email to - <a href= - "mailto:announce-subscr...@openoffice.apache.org">announce-subscr...@openoffice.apache.org</a>. - You will be sent an email from instructions how to confirm your - subscription. Once you have confirmed your subscription, you will receive - any future emails from announce until you - unsubscribe.</p> + <h2>Apache OpenOffice Security Alerts</h2> - <p>Please note that the mailing list is fully automated, so if you use - spam-filtering software, please make sure it will accept emails from - <em>annou...@openoffice.apache.org</em> <u>before</u> you try and - subscribe.</p> + <p> + The Apache OpenOffice Security Team publishes details of security vulnerabilities in our + <a href="https://www.openoffice.org/security/bulletin.html">Security Bulletin</a>. + </p> + + <p> + We also publish these alerts via the project's announcement list, <em>announce</em>. 
+ </p> + + <p> + If you would like to subscribe to the list, please send a blank email to + <a href="mailto:announce-subscr...@openoffice.apache.org">announce-subscr...@openoffice.apache.org</a>. + You will be sent an email from instructions how to confirm your subscription. Once you + have confirmed your subscription, you will receive any future emails from announce until + you unsubscribe. + </p> + + <p> + Please note that the mailing list is fully automated, so if you use spam-filtering + software, please make sure it will accept emails from + <em>annou...@openoffice.apache.org</em> <u>before</u> you try and subscribe. + </p> <a href="https://openoffice.apache.org/security.html">Security Reports</a> + </body> </html> diff --git a/content/security/bulletin.html b/content/security/bulletin.html index f9c96dc..7cd412a 100644 --- a/content/security/bulletin.html +++ b/content/security/bulletin.html 
@@ -1,255 +1,249 @@ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Apache OpenOffice Security Team Bulletin</title> - <style type="text/css"> + <style> /*<![CDATA[*/ - hr { display: block } + hr { display: block } /*]]>*/ </style> - </head> <body> -<!-- This page needs further adjustment to avoid style conflicts with - the HTML5 wrappers that it is embedded under. ---> - -<h2>Apache OpenOffice Security Team Bulletin</h2> + <h2>Apache OpenOffice Security Team Bulletin</h2> -<p> - <strong> - If you want to stay up to date on Apache OpenOffice security announcements, please subscribe to our <a href="alerts.html">security-alerts mailing list</a>. - </strong> -</p> + <p> + <strong>If you want to stay up to date on Apache OpenOffice security announcements, please + subscribe to our <a href="alerts.html">security-alerts mailing list</a>.</strong> + </p> -<h3>Fixed in Apache OpenOffice 4.1.10</h3> + <h3>Fixed in Apache OpenOffice 4.1.10</h3> -<ul> - <li><a href="cves/CVE-2021-30245.html">CVE-2021-30245</a>: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks </li> -</ul> + <ul> + <li><a href="cves/CVE-2021-30245.html">CVE-2021-30245</a>: Code execution in Apache OpenOffice via non-http(s) schemes in Hyperlinks</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.8</h3> + <h3>Fixed in Apache OpenOffice 4.1.8</h3> -<ul> - <li><a href="cves/CVE-2020-13958.html">CVE-2020-13958</a>: Unrestricted actions leads to arbitrary code execution in crafted documents </li> -</ul> + <ul> + <li><a href="cves/CVE-2020-13958.html">CVE-2020-13958</a>: Unrestricted actions leads to arbitrary code execution in crafted documents</li> + </ul> 
-<h3>Fixed in Apache OpenOffice 4.1.7</h3> + <h3>Fixed in Apache OpenOffice 4.1.7</h3> -<ul> - <li><a href="cves/CVE-2019-9853.html">CVE-2019-9853</a>: Insufficient URL decoding flaw in categorizing macro location </li> -</ul> + <ul> + <li><a href="cves/CVE-2019-9853.html">CVE-2019-9853</a>: Insufficient URL decoding flaw in categorizing macro location</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.6</h3> + <h3>Fixed in Apache OpenOffice 4.1.6</h3> -<ul> - <li><a href="cves/CVE-2018-11790.html">CVE-2018-11790</a>: Arithmetic overflow and wrap around during string length calculation </li> -</ul> + <ul> + <li><a href="cves/CVE-2018-11790.html">CVE-2018-11790</a>: Arithmetic overflow and wrap around during string length calculation </li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.5</h3> + <h3>Fixed in Apache OpenOffice 4.1.5</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.4</h3> + <h3>Fixed in Apache OpenOffice 4.1.4</h3> -<ul> - <li><a href="cves/CVE-2017-3157.html">CVE-2017-3157</a>: Arbitrary file disclosure in Calc and Writer</li> - <li><a href="cves/CVE-2017-9806.html">CVE-2017-9806</a>: Out-of-Bounds Write in Writer's WW8Fonts Constructor</li> - <li><a href="cves/CVE-2017-12607.html">CVE-2017-12607</a>: Out-of-Bounds Write in Impress' PPT Filter</li> - <li><a href="cves/CVE-2017-12608.html">CVE-2017-12608</a>: Out-of-Bounds Write in Writer's ImportOldFormatStyles</li> -</ul> + <ul> + <li><a href="cves/CVE-2017-3157.html">CVE-2017-3157</a>: Arbitrary file disclosure in Calc and Writer</li> + <li><a href="cves/CVE-2017-9806.html">CVE-2017-9806</a>: Out-of-Bounds Write in Writer's WW8Fonts Constructor</li> + <li><a href="cves/CVE-2017-12607.html">CVE-2017-12607</a>: Out-of-Bounds Write in Impress' PPT Filter</li> + <li><a href="cves/CVE-2017-12608.html">CVE-2017-12608</a>: Out-of-Bounds Write in Writer's 
ImportOldFormatStyles</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.3</h3> + <h3>Fixed in Apache OpenOffice 4.1.3</h3> -<ul> - <li><a href="cves/CVE-2016-1513.html">CVE-2016-1513</a>: Memory Corruption Vulnerability (Impress Presentations)</li> - <li><a href="cves/CVE-2016-6803.html">CVE-2016-6803</a>: Windows Installer Can Enable Privileged Trojan Execution</li> - <li><a href="cves/CVE-2016-6804.html">CVE-2016-6804</a>: Windows Installer Execution of Arbitrary Code with Elevated Privileges</li> -</ul> + <ul> + <li><a href="cves/CVE-2016-1513.html">CVE-2016-1513</a>: Memory Corruption Vulnerability (Impress Presentations)</li> + <li><a href="cves/CVE-2016-6803.html">CVE-2016-6803</a>: Windows Installer Can Enable Privileged Trojan Execution</li> + <li><a href="cves/CVE-2016-6804.html">CVE-2016-6804</a>: Windows Installer Execution of Arbitrary Code with Elevated Privileges</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.1.2</h3> + <h3>Fixed in Apache OpenOffice 4.1.2</h3> -<ul> - <li><a href="cves/CVE-2015-1774.html">CVE-2015-1774</a>: Out-of-Bounds Write in HWP File Filter</li> - <li><a href="cves/CVE-2015-4551.html">CVE-2015-4551</a>: Targeted Data Disclosure</li> - <li><a href="cves/CVE-2015-5212.html">CVE-2015-5212</a>: ODF Printer Settings Vulnerability</li> - <li><a href="cves/CVE-2015-5213.html">CVE-2015-5213</a>: .DOC Document Vulnerability</li> - <li><a href="cves/CVE-2015-5214.html">CVE-2015-5214</a>: .DOC Bookmarks Vulnerability</li> -</ul> + <ul> + <li><a href="cves/CVE-2015-1774.html">CVE-2015-1774</a>: Out-of-Bounds Write in HWP File Filter</li> + <li><a href="cves/CVE-2015-4551.html">CVE-2015-4551</a>: Targeted Data Disclosure</li> + <li><a href="cves/CVE-2015-5212.html">CVE-2015-5212</a>: ODF Printer Settings Vulnerability</li> + <li><a href="cves/CVE-2015-5213.html">CVE-2015-5213</a>: .DOC Document Vulnerability</li> + <li><a href="cves/CVE-2015-5214.html">CVE-2015-5214</a>: .DOC Bookmarks Vulnerability</li> + </ul> -<h3>Fixed in Apache 
OpenOffice 4.1.1</h3> + <h3>Fixed in Apache OpenOffice 4.1.1</h3> -<ul> - <li><a href="cves/CVE-2014-3575.html">CVE-2014-3575</a>: Targeted Data Exposure Using Crafted OLE Objects in Apache OpenOffice</li> - <li><a href="cves/CVE-2014-3524.html">CVE-2014-3524</a>: Calc Command Injection Vulnerability in Apache OpenOffice</li> -</ul> + <ul> + <li><a href="cves/CVE-2014-3575.html">CVE-2014-3575</a>: Targeted Data Exposure Using Crafted OLE Objects in Apache OpenOffice</li> + <li><a href="cves/CVE-2014-3524.html">CVE-2014-3524</a>: Calc Command Injection Vulnerability in Apache OpenOffice</li> + </ul> -<h3>Fixed in Apache OpenOffice 4.0.0</h3> + <h3>Fixed in Apache OpenOffice 4.0.0</h3> -<ul> - <li><a href="cves/CVE-2013-2189.html">CVE-2013-2189</a>: DOC Memory Corruption Vulnerability in Apache OpenOffice</li> - <li><a href="cves/CVE-2013-4156.html">CVE-2013-4156</a>: DOCM Memory Corruption Vulnerability in Apache OpenOffice</li> -</ul> + <ul> + <li><a href="cves/CVE-2013-2189.html">CVE-2013-2189</a>: DOC Memory Corruption Vulnerability in Apache OpenOffice</li> + <li><a href="cves/CVE-2013-4156.html">CVE-2013-4156</a>: DOCM Memory Corruption Vulnerability in Apache OpenOffice</li> + </ul> -<h3>Fixed in Apache OpenOffice 3.4.1</h3> + <h3>Fixed in Apache OpenOffice 3.4.1</h3> -<ul> - <li><a href="cves/CVE-2012-2665.html">CVE-2012-2665</a>: Manifest-processing errors in Apache OpenOffice 3.4.0</li> - <li><a href="cves/CVE-2013-1571.html">CVE-2013-1571</a>: Frame Injection Vulnerability in SDK JavaDoc</li> -</ul> + <ul> + <li><a href="cves/CVE-2012-2665.html">CVE-2012-2665</a>: Manifest-processing errors in Apache OpenOffice 3.4.0</li> + <li><a href="cves/CVE-2013-1571.html">CVE-2013-1571</a>: Frame Injection Vulnerability in SDK JavaDoc</li> + </ul> -<h3>Fixed in Apache OpenOffice 3.4.0</h3> + <h3>Fixed in Apache OpenOffice 3.4.0</h3> -<ul> - <li><a href="cves/CVE-2012-1149.html">CVE-2012-1149</a>: OpenOffice.org integer overflow error in vclmi.dll module when 
allocating memory for an embedded image object</li> - <li><a href="cves/CVE-2012-2149.html">CVE-2012-2149</a>: OpenOffice.org memory overwrite vulnerability</li> - <li><a href="cves/CVE-2012-2334.html">CVE-2012-2334</a>: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0</li> -</ul> + <ul> + <li><a href="cves/CVE-2012-1149.html">CVE-2012-1149</a>: OpenOffice.org integer overflow error in vclmi.dll module when allocating memory for an embedded image object</li> + <li><a href="cves/CVE-2012-2149.html">CVE-2012-2149</a>: OpenOffice.org memory overwrite vulnerability</li> + <li><a href="cves/CVE-2012-2334.html">CVE-2012-2334</a>: Vulnerabilities related to malformed Powerpoint files in OpenOffice.org 3.3.0</li> + </ul> -<h3>Patches for OpenOffice.org 3.3</h3> + <h3>Patches for OpenOffice.org 3.3</h3> -<ul> - <li><a href="cves/CVE-2012-0037.html">CVE-2012-0037</a>: OpenOffice.org data leakage vulnerability</li> -</ul> + <ul> + <li><a href="cves/CVE-2012-0037.html">CVE-2012-0037</a>: OpenOffice.org data leakage vulnerability</li> + </ul> -<h3>Fixed in OpenOffice.org 3.3</h3> + <h3>Fixed in OpenOffice.org 3.3</h3> -<ul> - <li><a href="cves/CVE-2010-2935_CVE-2010-2936.html">CVE-2010-2935 / CVE-2010-2936</a>: Security Vulnerability in OpenOffice.org related to PowerPoint document processing</li> - <li><a href="cves/CVE-2010-3450.html">CVE-2010-3450</a>: Security Vulnerability in OpenOffice.org related to Extensions and filter package files</li> - <li><a href="cves/CVE-2010-3451_CVE-2010-3452.html">CVE-2010-3451 / CVE-2010-3452</a>: Security Vulnerability in OpenOffice.org related to RTF document processing </li> - <li><a href="cves/CVE-2010-3453_CVE-2010-3454.html">CVE-2010-3453 / CVE-2010-3454</a>: Security Vulnerability in OpenOffice.org related to Word document processing </li> - <li><a href="cves/CVE-2010-3689.html">CVE-2010-3689</a>: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts </li> - <li><a 
href="cves/CVE-2010-3702_CVE-2010-3704.html">CVE-2010-3702 / CVE-2010-3704</a>: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF</li> - <li><a href="cves/CVE-2010-4008_CVE-2010-4494.html">CVE-2010-4008 / CVE-2010-4494</a>: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2 </li> - <li><a href="cves/CVE-2010-4253.html">CVE-2010-4253</a>: Security Vulnerability in OpenOffice.org related to PNG file processing </li> - <li><a href="cves/CVE-2010-4643.html">CVE-2010-4643</a>: Security Vulnerability in OpenOffice.org related to TGA file processing </li> -</ul> + <ul> + <li><a href="cves/CVE-2010-2935_CVE-2010-2936.html">CVE-2010-2935 / CVE-2010-2936</a>: Security Vulnerability in OpenOffice.org related to PowerPoint document processing</li> + <li><a href="cves/CVE-2010-3450.html">CVE-2010-3450</a>: Security Vulnerability in OpenOffice.org related to Extensions and filter package files</li> + <li><a href="cves/CVE-2010-3451_CVE-2010-3452.html">CVE-2010-3451 / CVE-2010-3452</a>: Security Vulnerability in OpenOffice.org related to RTF document processing </li> + <li><a href="cves/CVE-2010-3453_CVE-2010-3454.html">CVE-2010-3453 / CVE-2010-3454</a>: Security Vulnerability in OpenOffice.org related to Word document processing </li> + <li><a href="cves/CVE-2010-3689.html">CVE-2010-3689</a>: Insecure LD_LIBRARY_PATH usage in OpenOffice.org shell scripts </li> + <li><a href="cves/CVE-2010-3702_CVE-2010-3704.html">CVE-2010-3702 / CVE-2010-3704</a>: Security Vulnerability in OpenOffice.org's PDF Import extension resulting from 3rd party library XPDF</li> + <li><a href="cves/CVE-2010-4008_CVE-2010-4494.html">CVE-2010-4008 / CVE-2010-4494</a>: Possible Security Vulnerability in OpenOffice.org resulting from 3rd party library LIBXML2 </li> + <li><a href="cves/CVE-2010-4253.html">CVE-2010-4253</a>: Security Vulnerability in OpenOffice.org related to PNG file processing </li> + <li><a 
href="cves/CVE-2010-4643.html">CVE-2010-4643</a>: Security Vulnerability in OpenOffice.org related to TGA file processing </li> + </ul> -<h3>Fixed in OpenOffice.org 3.2.1</h3> + <h3>Fixed in OpenOffice.org 3.2.1</h3> -<ul> - <li><a href="cves/CVE-2009-3555.html">CVE-2009-3555</a>: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries</li> - <li><a href="cves/CVE-2010-0395.html">CVE-2010-0395</a>: Security vulnerability in OpenOffice.org related to python scripting</li> -</ul> + <ul> + <li><a href="cves/CVE-2009-3555.html">CVE-2009-3555</a>: OpenOffice.org 2 and 3 may be affected by the TLS/SSL Renegotiation Issue in 3rd Party Libraries</li> + <li><a href="cves/CVE-2010-0395.html">CVE-2010-0395</a>: Security vulnerability in OpenOffice.org related to python scripting</li> + </ul> -<h3>Fixed in OpenOffice.org 3.2</h3> + <h3>Fixed in OpenOffice.org 3.2</h3> -<ul> - <li><a href="cves/CVE-2006-4339.html">CVE-2006-4339</a>: Potential vulnerability from 3rd party libxml2 libraries</li> - <li><a href="cves/CVE-2009-0217.html">CVE-2009-0217</a>: Potential vulnerability from 3rd party libxmlsec libraries</li> - <li><a href="cves/CVE-2009-2493.html">CVE-2009-2493</a>: OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime</li> - <li><a href="cves/CVE-2009-2949.html">CVE-2009-2949</a>: Potential vulnerability related to XPM file processing</li> - <li><a href="cves/CVE-2009-2950.html">CVE-2009-2950</a>: Potential vulnerability related to GIF file processing</li> - <li><a href="cves/CVE-2009-3301-3302.html">CVE-2009-3301/2</a>: Potential vulnerability related to MS-Word document processing</li> -</ul> + <ul> + <li><a href="cves/CVE-2006-4339.html">CVE-2006-4339</a>: Potential vulnerability from 3rd party libxml2 libraries</li> + <li><a href="cves/CVE-2009-0217.html">CVE-2009-0217</a>: Potential vulnerability from 3rd party libxmlsec libraries</li> + <li><a href="cves/CVE-2009-2493.html">CVE-2009-2493</a>: 
OpenOffice.org 3 for Windows bundles a vulnerable version of MSVC Runtime</li> + <li><a href="cves/CVE-2009-2949.html">CVE-2009-2949</a>: Potential vulnerability related to XPM file processing</li> + <li><a href="cves/CVE-2009-2950.html">CVE-2009-2950</a>: Potential vulnerability related to GIF file processing</li> + <li><a href="cves/CVE-2009-3301-3302.html">CVE-2009-3301/2</a>: Potential vulnerability related to MS-Word document processing</li> + </ul> -<h3>Fixed in OpenOffice.org 3.1.1</h3> + <h3>Fixed in OpenOffice.org 3.1.1</h3> -<ul> - <li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 3.1</h3> + <h3>Fixed in OpenOffice.org 3.1</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in OpenOffice.org 3.0.1</h3> + <h3>Fixed in OpenOffice.org 3.0.1</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in OpenOffice.org 3.0</h3> + <h3>Fixed in OpenOffice.org 3.0</h3> -<ul> - <li>No security vulnerabilities fixed in this release</li> -</ul> + <ul> + <li>No security vulnerabilities fixed in this release</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4.3</h3> + <h3>Fixed in OpenOffice.org 2.4.3</h3> -<ul> - <li><a 
href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2009-0200-0201.html">CVE-2009-0200 / CVE-2009-0201</a>: Manipulated Microsoft Word files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2009-2414-2416.html">CVE-2009-2414 / CVE-2009-2416</a>: Manipulated XML documents can lead to arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4.2</h3> + <h3>Fixed in OpenOffice.org 2.4.2</h3> -<ul> - <li><a href="cves/CVE-2008-2237.html">CVE-2008-2237</a>: Manipulated WMF files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2008-2238.html">CVE-2008-2238</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2008-2237.html">CVE-2008-2237</a>: Manipulated WMF files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2008-2238.html">CVE-2008-2238</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4.1</h3> + <h3>Fixed in OpenOffice.org 2.4.1</h3> -<ul> - <li><a href="cves/CVE-2008-2152.html">CVE-2008-2152</a>: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2008-2152.html">CVE-2008-2152</a>: Different kinds of manipulated files may lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.4</h3> + <h3>Fixed in OpenOffice.org 2.4</h3> -<ul> - <li><a href="cves/CVE-2007-4770.html">CVE-2007-4770/4771</a>: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code 
execution</li> - <li><a href="cves/CVE-2007-5745.html">CVE-2007-5745/5747</a>: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2007-5746.html">CVE-2007-5746</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> - <li><a href="cves/CVE-2008-0320.html">CVE-2008-0320</a>: Manipulated OLE files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-4770.html">CVE-2007-4770/4771</a>: Manipulated ODF text documents containing XForms can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2007-5745.html">CVE-2007-5745/5747</a>: Manipulated Quattro Pro files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2007-5746.html">CVE-2007-5746</a>: Manipulated EMF files can lead to heap overflows and arbitrary code execution</li> + <li><a href="cves/CVE-2008-0320.html">CVE-2008-0320</a>: Manipulated OLE files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.3.1</h3> + <h3>Fixed in OpenOffice.org 2.3.1</h3> -<ul> - <li><a href="cves/CVE-2007-4575.html">CVE-2007-4575</a>: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-4575.html">CVE-2007-4575</a>: Potential arbitrary code execution vulnerability in 3rd party module (HSQLDB)</li> + </ul> -<h3>Fixed in OpenOffice.org 2.3</h3> + <h3>Fixed in OpenOffice.org 2.3</h3> -<ul> - <li><a href="cves/CVE-2007-2834.html">CVE-2007-2834</a>: Manipulated TIFF files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-2834.html">CVE-2007-2834</a>: Manipulated TIFF files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.2.1</h3> + <h3>Fixed in OpenOffice.org 2.2.1</h3> -<ul> - <li><a 
href="cves/CVE-2007-2754.html">CVE-2007-2754</a>: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)</li> - <li><a href="cves/CVE-2007-0245.html">CVE-2007-0245</a>: Manipulated RTF files can lead to heap overflows and arbitrary code execution</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-2754.html">CVE-2007-2754</a>: Integer overflow and heap-based buffer overflow vulnerability in 3rd party module (freetype)</li> + <li><a href="cves/CVE-2007-0245.html">CVE-2007-0245</a>: Manipulated RTF files can lead to heap overflows and arbitrary code execution</li> + </ul> -<h3>Fixed in OpenOffice.org 2.2</h3> + <h3>Fixed in OpenOffice.org 2.2</h3> -<ul> - <li><a href="cves/CVE-2007-0239.html">CVE-2007-0239</a>: URL Handling Security Vulnerability (Linux/Solaris)</li> - <li><a href="cves/CVE-2007-0238.html">CVE-2007-0238</a>: StarCalc Vulnerability</li> - <li><a href="cves/CVE-2007-2.html">CVE-2007-002</a>: WordPerfect Import Vulnerability</li> -</ul> + <ul> + <li><a href="cves/CVE-2007-0239.html">CVE-2007-0239</a>: URL Handling Security Vulnerability (Linux/Solaris)</li> + <li><a href="cves/CVE-2007-0238.html">CVE-2007-0238</a>: StarCalc Vulnerability</li> + <li><a href="cves/CVE-2007-2.html">CVE-2007-002</a>: WordPerfect Import Vulnerability</li> + </ul> -<h3>Fixed in OpenOffice.org 2.1</h3> + <h3>Fixed in OpenOffice.org 2.1</h3> -<ul> - <li><a href="cves/CVE-2006-5870.html">CVE-2006-5870</a>: WMF/EMF Processing Failures</li> -</ul> + <ul> + <li><a href="cves/CVE-2006-5870.html">CVE-2006-5870</a>: WMF/EMF Processing Failures</li> + </ul> -<h3>Fixed in OpenOffice.org 2.0.3</h3> + <h3>Fixed in OpenOffice.org 2.0.3</h3> -<ul> - <li><a href="cves/CVE-2006-2199.html">CVE-2006-2199</a>: Java Applets</li> - <li><a href="cves/CVE-2006-2198.html">CVE-2006-2198</a>: Macro</li> - <li><a href="cves/CVE-2006-3117.html">CVE-2006-3117</a>: File Format</li> -</ul> + <ul> + <li><a href="cves/CVE-2006-2199.html">CVE-2006-2199</a>: Java Applets</li> + 
<li><a href="cves/CVE-2006-2198.html">CVE-2006-2198</a>: Macro</li> + <li><a href="cves/CVE-2006-3117.html">CVE-2006-3117</a>: File Format</li> + </ul> -<hr /> + <hr /> -<p><a href="http://security.openoffice.org/">Security Home</a> -> - <a href="http://security.openoffice.org/bulletin.html">Bulletin</a> -</p> + <p> + <a href="http://security.openoffice.org/">Security Home</a> -> + <a href="http://security.openoffice.org/bulletin.html">Bulletin</a> + </p> </body> </html> diff --git a/content/security/faq.html b/content/security/faq.html index e4d6e7b..4e79b88 100644 --- a/content/security/faq.html +++ b/content/security/faq.html 
@@ -1,192 +1,216 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml"> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> - + <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <title>Apache OpenOffice Security Team FAQ</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } + <style> + /*<![CDATA[*/ + hr { display: block } /*]]>*/ </style> </head> <body> + <a id="top" name="top"></a> <h2>Apache OpenOffice Security Team FAQ</h2> <ul> <li><a href="#secure">Is OpenOffice secure?</a></li> + <li><a href="#genuine">How do I know my copy of OpenOffice is genuine?</a></li> + <li><a href="#protect">How do I protect my copy of OpenOffice against security issues?</a></li> + <li><a href="#verify">"The publisher of this software cannot be verified" - what should I do?</a></li> + <li><a href="#viruses">How do I stop viruses attacking my copy of OpenOffice?</a></li> + <li><a href="#macros">How do I protect against macro-viruses in OpenOffice?</a></li> + <li><a href="#reporting">I am a developer - how do I report a security vulnerability in OpenOffice?</a></li> + <li><a href="#bulletin">Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</a></li> + <li><a href="#alerts">How can I get email alerts about security vulnerabilities fixed in OpenOffice?</a></li> + </ul> - <li><a href="#genuine">How do I know my copy of OpenOffice is - genuine?</a></li> - - <li><a href="#protect">How do I protect my copy of OpenOffice against - security issues?</a></li> - - <li><a href="#verify">"The publisher of this software cannot be verified" - - what should I do?</a></li> - - <li><a href="#viruses">How do I stop 
viruses attacking my copy of - OpenOffice?</a></li> + <a id="secure" name="secure"></a> - <li><a href="#macros">How do I protect against macro-viruses in - OpenOffice?</a></li> + <h3>Is OpenOffice secure?</h3> - <li><a href="#reporting">I am a developer - how do I report a security - vulnerability in OpenOffice?</a></li> + <p> + The OpenOffice engineers take the security of the software very seriously. We take great care to ensure + that our software is secure, and we will react promptly to any reports of suspected security + vulnerabilities in our software.</p> - <li><a href="#bulletin">Where can I find a list of all the security - vulnerabilities fixed in OpenOffice?</a></li> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <li><a href="#alerts">How can I get email alerts about security - vulnerabilities fixed in OpenOffice?</a></li> - </ul><a id="secure" name="secure"></a> + <a id="genuine" name="genuine"></a> - <h3>Is OpenOffice secure?</h3> + <h3>How do I know my copy of OpenOffice is genuine?</h3> - <p>The OpenOffice engineers take the security of the software very - seriously. We take great care to ensure that our software is secure, and we - will react promptly to any reports of suspected security vulnerabilities in - our software.</p> + <p> + Make sure you know where your copy of OpenOffice has come from. Download from one of the sites listed in + <a href="/download">our download page</a>, or purchase from one of our CD distributors. + <a href="../download/checksums.html">Use a checksum</a> to make sure your copy has not been corrupted + before you install it. 
+ </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="genuine" name="genuine"></a> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <h3>How do I know my copy of OpenOffice is genuine?</h3> + <a id="protect" name="protect"></a> - <p>Make sure you know where your copy of OpenOffice has come from. - Download from one of the sites listed in <a href= - "/download">our download page</a>, or purchase from - one of our CD distributors. - <a href="../download/checksums.html">Use a checksum</a> - to make sure your copy has not been corrupted before you install it.</p> + <h3>How do I protect my copy of OpenOffice against security issues?</h3> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="protect" name="protect"></a> + <p> + We recommend all users install new versions of OpenOffice as soon as practical after they are released. + Since version 2.1, OpenOffice has included a feature which will tell you if a new version is available. + We recommend you switch this on <em>(Tools -> Options -> Online Update -> Check for updates + automatically)</em>. + </p> - <h3>How do I protect my copy of OpenOffice against security - issues?</h3> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p>We recommend all users install new versions of OpenOffice as soon as - practical after they are released. Since version 2.1, OpenOffice has - included a feature which will tell you if a new version is available. 
We - recommend you switch this on <em>(Tools -> Options -> Online Update - -> Check for updates automatically)</em>.</p> + <a id="verify" name="verify"></a> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="verify" name="verify"></a> + <h3>"The publisher of this software cannot be verified" - what should I do?</h3> - <h3>"The publisher of this software cannot be verified" - what should I - do?</h3> + <p> + When installing OpenOffice under Microsoft Windows, you may see a warning message stating that the + publisher of the software could not be verified. It is safe to ignore this message if you are confident + that your copy of OpenOffice came from a reputable source. If you have any doubts about this, you can + check that the file has not been tampered with by + <a href="../download/checksums.html">using MD5 checksums</a>. + </p> - <p>When installing OpenOffice under Microsoft Windows, you may see a - warning message stating that the publisher of the software could not be - verified. It is safe to ignore this message if you are confident that your - copy of OpenOffice came from a reputable source. If you have any doubts - about this, you can check that the file has not been tampered with by - <a href="../download/checksums.html">using MD5 checksums</a>.</p> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="viruses" name="viruses"></a> + <a id="viruses" name="viruses"></a> <h3>How do I stop viruses attacking my copy of OpenOffice?</h3> - <p>If your computer becomes infected with a virus, it is possible that any - program you have installed – including OpenOffice - may become - corrupted. Your computer cannot catch a virus from fresh air. It can become - infected if someone gives you any kind of media – floppy disk, CD, DVD, - memory stick, memory card etc. 
– anything capable of holding data can also - hold a virus. It can become infected if it is connected to any kind of - network, including wireless. Connections to publicly accessible networks - like the internet are particularly risky.</p> + <p> + If your computer becomes infected with a virus, it is possible that any program you have installed - + including OpenOffice - may become corrupted. Your computer cannot catch a virus from fresh air. It can + become infected if someone gives you any kind of media - floppy disk, CD, DVD, memory stick, memory + card etc. - anything capable of holding data can also hold a virus. It can become infected if it is + connected to any kind of network, including wireless. Connections to publicly accessible networks like + the internet are particularly risky. + </p> - <p>There is a whole range of things you can do to protect your computer – - firewalls, anti-virus software, etc – please contact your PC supplier or IT - department for details. If you suspect your PC has been infected, please - seek specialist support.</p> + <p> + There is a whole range of things you can do to protect your computer - firewalls, anti-virus software, + etc. please contact your PC supplier or IT department for details. If you suspect your PC has been + infected, please seek specialist support. + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="macros" name="macros"></a> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> + + <a id="macros" name="macros"></a> <h3>How do I protect against macro-viruses in OpenOffice?</h3> - <p>Macros are a useful part of any office suite, allowing you to automate - repetitive tasks. A macro can do anything you can do - including - potentially destructive actions such as modifying and deleting files. 
A - macro can attached to any OpenOffice file (document, spreadsheet, - etc.).</p> + <p> + Macros are a useful part of any office suite, allowing you to automate repetitive tasks. A macro can + do anything you can do - including potentially destructive actions such as modifying and deleting + files. A macro can attached to any OpenOffice file (document, spreadsheet, etc.). + </p> + + <p> + Whenever OpenOffice detects macros in a document being opened, by default it displays a warning and + will only run the macro if the you specifically agree. + </p> - <p>Whenever OpenOffice detects macros in a document being opened, by - default it displays a warning and will only run the macro if the you - specifically agree.</p> + <p> + The safest rule is you should never open any OpenOffice file unless you are sure where it has come from + and trust the sender. Note that it is very easy to falsify an email address - if you have any doubt, do + not open the document until you have proved its identity. If you need to exchange documents regularly. + we recommend the use of digital signatures to certify the origin of the document. + </p> - <p>The safest rule is you should never open any OpenOffice file unless - you are sure where it has come from and trust the sender. Note that it is - very easy to falsify an email address - if you have any doubt, do not open - the document until you have proved its identity. 
If you need to exchange - documents regularly, we recommend the use of digital signatures to certify - the origin of the document.</p> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="reporting" name="reporting"></a> + <a id="reporting" name="reporting"></a> - <h3>I am a developer - how do I report a security vulnerability in - OpenOffice?</h3> + <h3>I am a developer - how do I report a security vulnerability in OpenOffice?</h3> - <p>Please report any suspected vulnerabilities to our <a href= - "mailto:secur...@openoffice.apache.org">Security Team</a>. We appreciate - early confidential disclosure to give vendors of products and solutions - based on OpenOffice time to react. We will coordinate the disclosure of - your report with you.</p> + <p> + Please report any suspected vulnerabilities to our + <a href="mailto:secur...@openoffice.apache.org">Security Team</a>. We appreciate early confidential + disclosure to give vendors of products and solutions based on OpenOffice time to react. We will + coordinate the disclosure of your report with you. + </p> - <p>In your report, please include the following information:</p> + <p> + In your report, please include the following information: + </p> <ul> - <li>In which version of OpenOffice did you identify the problem (e.g. - 3.3.0, 3.4.1, 4.0.0, etc.)?</li> + <li> + In which version of OpenOffice did you identify the problem (e.g. 3.3.0, 3.4.1, 4.0.0, etc.)? + </li> - <li>What is the impact of the problem (data loss, denial of service, - executing commands, etc.)?</li> + <li> + What is the impact of the problem (data loss, denial of service, executing commands, etc.)? + </li> - <li>How can the problem be reproduced?</li> + <li> + How can the problem be reproduced? + </li> - <li>Is there an existing exploit?</li> + <li> + Is there an existing exploit? 
+ </li> - <li>Has the problem already been published?</li> + <li> + Has the problem already been published? + </li> </ul> - <p>After we receive your report, we will work on the evaluation and we will - reply to you (typically in the next business day).</p> + <p> + After we receive your report, we will work on the evaluation and we will reply to you (typically in the + next business day). + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="bulletin" name="bulletin"></a> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <h3>Where can I find a list of all the security vulnerabilities fixed in - OpenOffice?</h3> + <a id="bulletin" name="bulletin"></a> - <p>These are listed in our <a href= - "/security/bulletin.html">Security - Bulletin</a>.</p> + <h3>Where can I find a list of all the security vulnerabilities fixed in OpenOffice?</h3> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p><a id="alerts" name="alerts"></a> + <p> + These are listed in our <a href="/security/bulletin.html">Security Bulletin</a>. + </p> - <h3>How can I get email alerts about security vulnerabilities fixed in - OpenOffice?</h3> + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p>Please read our <a href= - "/security/alerts.html">Security Alerts</a> - page.</p> + <a id="alerts" name="alerts"></a> + + <h3>How can I get email alerts about security vulnerabilities fixed in OpenOffice?</h3> + + <p> + Please read our <a href="/security/alerts.html">Security Alerts</a> page. 
+ </p> + + <p> + <a href="#top"><img src="top.gif" alt="up arrow" /> Return to top</a> + </p> - <p><a href="#top"><img src="top.gif" alt="up arrow" /> Return to - top</a></p> <hr /> - <p><a href="/security/">Security Home</a> -> - <a href="/security/faq.html">Security FAQ</a></p> + <p> + <a href="/security/">Security Home</a> -> <a href="/security/faq.html">Security FAQ</a> + </p> + </body> </html> diff --git a/content/security/index.html b/content/security/index.html index b36c874..1ebf203 100755 --- a/content/security/index.html +++ b/content/security/index.html 
@@ -1,67 +1,87 @@ -<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" - "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> - -<html xmlns="http://www.w3.org/1999/xhtml"> +<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> +<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> - <title>Apache OpenOffice Security Team</title> - <style type="text/css"> -/*<![CDATA[*/ - hr { display: block } + <style> + /*<![CDATA[*/ + hr { display: block } /*]]>*/ </style> - </head> <body> - <h2>Apache OpenOffice Security Team</h2> - <p>For general information about Apache OpenOffice security, please see our - <a href="/security/faq.html">Frequently Asked - Questions page</a>.</p> +<h2>Apache OpenOffice Security Team</h2> - <p>For details of our security alerts by email service, please see our - <a href="alerts.html">Security Alerts page</a>.</p> + <p> + For general information about Apache OpenOffice security, please see our + <a href="/security/faq.html">Frequently Asked Questions page</a>. + </p> - <p>OpenOffice is a complex piece of software developed by various - teams. As such, it can contain security relevant bugs. If you are a - software developer and you believe you have found a vulnerability in our - source code, please contact our <a href= - "mailto:secur...@openoffice.apache.org">security team</a> so we can evaluate - the problem and work on proper solution for our users and for future - versions of our product.</p> + <p> + For details of our security alerts by email service, please see our + <a href="alerts.html">Security Alerts page</a>. + </p> - <p>We appreciate early confidential disclosure to give vendors of products - and solutions based on OpenOffice time to react. 
We will coordinate the - disclosure of your report with you.</p> - - <p>In your report, please include the following informations:</p> - - <ul> - <li>In which version of OpenOffice did you identify the problem?</li> + <p> + OpenOffice is a complex piece of software developed by various teams. As such, it can contain security + relevant bugs. If you are a software developer and you believe you have found a vulnerability in our + source code, please contact our <a href="mailto:secur...@openoffice.apache.org">security team</a> so + we can evaluate the problem and work on proper solution for our users and for future versions of our + product. + </p> - <li>Do you have an official version of OpenOffice or e.g. a build - from your GNU/Linux distribution (include the URL of the build if - possible)?</li> + <p> + We appreciate early confidential disclosure to give vendors of products and solutions based on + OpenOffice time to react. We will coordinate the disclosure of your report with you. + </p> - <li>What is the impact of the problem (data loss, denial of service, - executing commands, etc.)?</li> + <p> + In your report, please include the following informations. + </p> - <li>How can the problem be reproduced?</li> - - <li>Is there an existing exploit?</li> - - <li>Has the problem already been published?</li> + <ul> + <li> + In which version of OpenOffice did you identify the problem? + </li> + + <li> + Do you have an official version of OpenOffice or e.g. a build from your GNU/Linux distribution + (include the URL of the build if possible)? + </li> + + <li> + What is the impact of the problem (data loss, denial of service, executing commands, etc.)? + </li> + + <li> + How can the problem be reproduced? + </li> + + <li> + Is there an existing exploit? + </li> + + <li> + Has the problem already been published? 
+ </li> </ul> - <p>After we receive your report, we will work on the evaluation and we will - reply to you (typically in the next business days).</p> + <p> + After we receive your report, we will work on the evaluation and we will reply to you (typically in the + next business days). + </p> + + <p> + Vulnerabilities which have been resolved are listed in our <a href="bulletin.html">Bulletin</a>. + </p> - <p>Vulnerabilities which have been resolved are listed in our <a href= - "bulletin.html">Bulletin</a>.</p> <hr /> - <p><a href="/security/">Security Home</a></p> + <p> + <a href="/security/">Security Home</a> + </p> + </body> </html>
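Review bot: in the content/security/faq.html hunk, the re-flowed "verify" answer still tells users they can check that the file "has not been tampered with" by "using MD5 checksums". MD5 is not collision resistant, so it is good for catching a corrupted download but weak as evidence against tampering. Since this paragraph is being rewritten anyway, I would point it at a stronger digest or at signature verification, provided the checksums page offers them. The same hunk introduces two punctuation regressions while re-wrapping: "If you need to exchange documents regularly. we recommend" (the old text had a comma) and "anti-virus software, etc. please contact your PC supplier" (the old text had a dash separating the two clauses). The carried-over typos "A macro can attached to" and "if the you specifically agree" could be fixed in the same pass.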
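Review bot: in the content/security/index.html hunk, the head replaces `<style type="text/css">` with a bare `<style>` while the doctype on the added line is still XHTML 1.0 Strict, whose DTD makes the type attribute on style required, so the page no longer validates against the doctype it declares. Either keep type="text/css" or change the doctype to one that allows the bare element. Further down, "please include the following informations." swaps the colon that introduced the list for a period and keeps the plural; faq.html in this same commit has "the following information:", which is the form to use here too. The reply-time wording also differs between the two files ("next business days" here, "next business day" in faq.html), and the two report checklists differ (only this one asks whether the build is official or from a distribution); it would be worth aligning them while both are being touched.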