[BCC to PMC] The Apache OpenOffice 4.1.2-patch1 source code mitigates the security vulnerability described in the CVE-2016-1513 advisory <http://www.openoffice.org/security/cves/CVE-2016-1513.html>.
The patch has been applied in the building of modified Apache 4.1.2 binaries. The modified binaries have been successfully used as the source of single modified shared-library files that can be copied into existing Apache 4.1.2 programs in order to eliminate the vulnerability. This ballot is for release of the source code on which replacement or patched Apache 4.1.2 binaries can be based. The candidate source-code release for patch1 is the archive apache-openoffice-4.1.2-patch1.zip located at <https://dist.apache.org/repos/dist/dev/openoffice/4.1.2-patch1/source>. There are accompanying hash files (.md5 and .sha256) and a digital signature file (.asc) for the source-code archive. Please vote by reply to this dev@-list thread on the approval of the candidate for release. [ ] +1 Approve, with description [ ] 0 Abstain [ ] -1 Disapprove, with explanation For +1 Approve votes, please describe the results of verifying the patch materials and success in building a 4.1.2 binary having the patch applied to a particular 4.1.2 binary build. Please do not do anything but [VOTE] (with any +1 descriptions and -1 explanations) on this thread. To discuss this vote or the process, please use a [DISCUSS][VOTE] reply rather than discussing on the [VOTE] thread. The [VOTE] will conclude no sooner than Monday, 2016-08-08T15:00Z. - Dennis E. Hamilton For the Apache OpenOffice Project Management Committee --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org For additional commands, e-mail: dev-h...@openoffice.apache.org
