[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[tdf-discuss] Re: security related information, CVE-2019-9848, CVE-2019-9849


I've been following this situation closely and advising users about the
workaround for *CVE-2019-9848*.

*Problem:* The Document Foundation has stated that the patch for
CVE-2019-9848 was not entirely effective. I can provide documentation. A
further patch was supposed to be applied in version 6.3.4 this week. And yet
there is no record in the release notes of that patch. Instead, there is an
incorrect listing that CVE-2019-9848 was patched in v6.2.5.2, which has been
published to not be the case.

https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/
<https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/>

This situation is thoroughly confusing users.

I'm continuing to advise users to apply the workaround for CVE-2019-9848.

Please sort this out ASAP.

Thank you.

Derek Currie



--
Sent from: http://document-foundation-mail-archive.969070.n3.nabble.com/Discuss-f1621725.html

--
To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/
Privacy Policy: https://www.documentfoundation.org/privacy

Follow-Ups:
Re: [tdf-discuss] Re: security related information, CVE-2019-9848, CVE-2019-9849Caolán McNamara <caolanm@redhat.com>
Re: [tdf-discuss] Re: security related information, CVE-2019-9848, CVE-2019-9849"Charles-H. Schulz" <charles.schulz@documentfoundation.org>
References:
[tdf-discuss] security related information, CVE-2019-9848, CVE-2019-9849Caolán McNamara <caolanm@redhat.com>
Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.