Hi, On Wed, Jan 19, 2011 at 03:46:27PM +0100, Rene Engelhard wrote: > Already fixed. Don't find the commit anymore, but it was in a ooo-build > patch and got merged over to libs-core (tools) and impress (sd). > > See also http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2935 and > http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2936
And before anyone screams about coordinated disclosure and wonders whether OOo 3.2.1 is affected: yes, it is. Was reported and at the time it was reported it was already public (by Se. So all distros updated their packages (see the references in the CVE links) - and Oracle in their usual policy waits for the next release - which is 3.3.0.. No idea when/whether/how they update StarOffice/Oracle Open Office. Grüße/Regards, René -- .''`. René Engelhard -- Debian GNU/Linux Developer : :' : http://www.debian.org | http://people.debian.org/~rene/ `. `' r...@debian.org | GnuPG-Key ID: D03E3E70 `- Fingerprint: E12D EA46 7506 70CF A960 801D 0AA0 4571 D03E 3E70 _______________________________________________ LibreOffice mailing list LibreOffice@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/libreoffice
