We've published a security bulletin and patch for the Apache OpenOffice 3.4.1 SDK.
Due to a flaw in JavaDoc generated API documentation, one of the files in the 3.4.1 SDK is vulnerable to an HTML frame injection attack. Details on the issue, and a patched HTML file, can be found here: http://www.openoffice.org/security/cves/CVE-2013-1571.html Note: this impacts only installations of the SDK. Normal end-user installs of Apache OpenOffice are not impacted. Regards, Rob Weir Apache OpenOffice Security Team --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
