On 03/22/2012 06:31 PM, Italo Vignoli wrote:
NoOp wrote:It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and announce lists.It is now reported on the blog post.
Well just how many users are subscribed to a blog post? Nor do I think that they (at least I don't) check www.libreoffice.org daily: https://www.libreoffice.org/ Are these the posts that you are referring to? <http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/> <http://blog.documentfoundation.org/2012/03/15/libreoffice-3-5-1-provides-additional-security-and-stability/> Neither of those blog posts contain information regarding CVE-2012-0037. Neither do the release logs or release notes. Nor is there any mention of which bug reports are related to this issue - is there one? LO 3.5.1 is showing: LibreOffice 3.5.1 Final (2012-03-15) The Redhat Bug report (Bug 791296) was dated 2012-03-16 - so LO was aware of, and patched this in 3.5.1 prior to 15 March? Lacking an LO Security Announce list, I just think that it would be nice if such announcements were posted on the user & announce lists as well and the blog. -- Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted