Date: prev next · Thread: first prev next last
2019 Archives by date, by thread · List index

Hello Derek,

Le 10 août 2019 06:38:34 GMT+02:00, Derek Currie <> a écrit :
I've been following this situation closely and advising users about the
workaround for *CVE-2019-9848*.

*Problem:* The Document Foundation has stated that the patch for
CVE-2019-9848 was not entirely effective. I can provide documentation.
further patch was supposed to be applied in version 6.3.4 this week.
And yet
there is no record in the release notes of that patch. Instead, there
is an
incorrect listing that CVE-2019-9848 was patched in v6.2.5.2, which has
published to not be the case.

So both MITRE and the Document Foundation are wrong according to you?

Also, 6.3.0/was just released, not 6.3.4, and in my understanding has also the proper patch(es). 
This is of course a rather dynamic situation that our security team is actively working on.

This situation is thoroughly confusing users.

I am not sure it is...

I'm continuing to advise users to apply the workaround for

What workaround? Are you in charge of users in a professional environment?



Please sort this out ASAP.

Thank you.

Derek Currie

Sent from:

Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.

To unsubscribe e-mail to:
Posting guidelines + more:
List archive:
Privacy Policy:


Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.