[tdf-discuss] Re: security-related information, CVE-2012-1149, CVE-2012-2334

NoOp <glgxg -AT- sbcglobal.net>

Wed, 16 May 2012 14:12:23 -0700

On 05/16/2012 01:09 PM, Caolán McNamara wrote:

On Wed, 2012-05-16 at 12:29 -0700, NoOp wrote:

Any idea if 3.5.3 also addresses this one that also came out today?
http://www.openoffice.org/security/cves/CVE-2012-2149.html


This is actually "libwpd", which gets bundled into non-distro builds.
The advisory relates to a very old version of libwpd bundled into the
last OpenOffice.org release. LibreOffice 3.3.X already contained a
sufficiently recent version of libwpd to be unaffected by that, so
you're fine with any version of LibreOffice.

the filter can be patched rather than removed like AOO.


The filter got removed from AOO due to being under the LGPL (!)
https://cwiki.apache.org/OOOUSERS/ipclearance.html

... Thanks! -- Unsubscribe instructions: E-mail to discuss+help@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted

Context

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.