[tdf-discuss] Re: Security Information of 3.3.4
On 11/20/2011 07:26 AM, Volker Merschmann wrote:
2011/11/20 Miyoshi Omori <email@example.com>:
My request is about information security.
Security issues have already been announced as, CVE-2011-2713
corresponds to a comment.
TDF as information, but said that it had been made LibreOffice
3.4.3 and 3.3.4 fixed.
According to NIST report
3.3.4 is classified as a vulnerable version on this security issue.
If it is incorrect, could you formally request a modification of
information as TDF.
As a user, it is also a serious problem.
Thanks for reporting, I also think the information about 3.3.4 is
Your mail has been forwarded to the security team.
[(CVE-2011-2713) CVE-2011-2713 openoffice.org: Out-of-bounds read in DOC
Status: CLOSED NOTABUG
Huzaifa S. Sidhpurwala 2011-10-05 06:40:46 EDT
It initially appeared that this flaw may be exploitable similar to
CVE-2010-3452, where an OOB Read caused Arbitrary Code Execution. However in
the case of this particular flaw, the junk data read is just parsed into an
internal representation of properties and the maximum harm this should
application crash (Denial Of Service).
- Reported to firstname.lastname@example.org on 25-July-2011
- Recieved a reply (with email@example.com
the same date
- Release date changed with a few delays in between
- Release on 5-Oct-2011
This issue results in an OOB read which is not exploitable for arbitrary
execution and can simply cause a crash. We do not consider this as a
Unsubscribe instructions: E-mail to firstname.lastname@example.org
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.documentfoundation.org/www/discuss/
All messages sent to this list will be publicly archived and cannot be deleted
Impressum (Legal Info)
: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (MPLv2
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our trademark policy