Date: prev next · Thread: first prev next last
2019 Archives by date, by thread · List index


I've been following this situation closely and advising users about the
workaround for *CVE-2019-9848*.

*Problem:* The Document Foundation has stated that the patch for
CVE-2019-9848 was not entirely effective. I can provide documentation. A
further patch was supposed to be applied in version 6.3.4 this week. And yet
there is no record in the release notes of that patch. Instead, there is an
incorrect listing that CVE-2019-9848 was patched in v6.2.5.2, which has been
published to not be the case.

https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/
<https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/>  

This situation is thoroughly confusing users.

I'm continuing to advise users to apply the workaround for CVE-2019-9848.

Please sort this out ASAP.

Thank you.

Derek Currie



--
Sent from: http://document-foundation-mail-archive.969070.n3.nabble.com/Discuss-f1621725.html

-- 
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/
Privacy Policy: https://www.documentfoundation.org/privacy

Context


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.