Re: [tdf-discuss] Re: security related information, CVE-2019-9848, CVE-2019-9849
Le 10 août 2019 06:38:34 GMT+02:00, Derek Currie <email@example.com> a écrit :
I've been following this situation closely and advising users about the
workaround for *CVE-2019-9848*.
*Problem:* The Document Foundation has stated that the patch for
CVE-2019-9848 was not entirely effective. I can provide documentation.
further patch was supposed to be applied in version 6.3.4 this week.
there is no record in the release notes of that patch. Instead, there
incorrect listing that CVE-2019-9848 was patched in v188.8.131.52, which has
published to not be the case.
So both MITRE and the Document Foundation are wrong according to you?
Also, 6.3.0/was just released, not 6.3.4, and in my understanding has also the proper patch(es).
This is of course a rather dynamic situation that our security team is actively working on.
This situation is thoroughly confusing users.
I am not sure it is...
I'm continuing to advise users to apply the workaround for
What workaround? Are you in charge of users in a professional environment?
Please sort this out ASAP.
Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté.
To unsubscribe e-mail to: firstname.lastname@example.org
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/
Impressum (Legal Info)
: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (MPLv2
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our trademark policy