Hello Derek,
Le 10 août 2019 06:38:34 GMT+02:00, Derek Currie <derekcurrie@mac.com> a écrit :
I've been following this situation closely and advising users about the
workaround for *CVE-2019-9848*.
*Problem:* The Document Foundation has stated that the patch for
CVE-2019-9848 was not entirely effective. I can provide documentation.
A
further patch was supposed to be applied in version 6.3.4 this week.
And yet
there is no record in the release notes of that patch. Instead, there
is an
incorrect listing that CVE-2019-9848 was patched in v6.2.5.2, which has
been
published to not be the case.
So both MITRE and the Document Foundation are wrong according to you?
Also, 6.3.0/was just released, not 6.3.4, and in my understanding has also the proper patch(es).
This is of course a rather dynamic situation that our security team is actively working on.
https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/
<https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/>
This situation is thoroughly confusing users.
I am not sure it is...
I'm continuing to advise users to apply the workaround for
CVE-2019-9848.
What workaround? Are you in charge of users in a professional environment?
Thanks,
Charles.
Please sort this out ASAP.
Thank you.
Derek Currie
--
Sent from:
http://document-foundation-mail-archive.969070.n3.nabble.com/Discuss-f1621725.html
--
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
--
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/
Privacy Policy: https://www.documentfoundation.org/privacy
Context
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.