openoffice-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dennis E. Hamilton" <orc...@apache.org>
Subject RE: [REPORT] CVE-2016-1513 Security Advisory
Date Wed, 31 Aug 2016 02:09:22 GMT


> -----Original Message-----
> From: Rodrigo Marin-Rogers [mailto:rodmarogers@gmail.com]
> Sent: Tuesday, August 30, 2016 16:44
> To: announce@openoffice.apache.org; orcmid@apache.org
> Subject: Re: [REPORT] CVE-2016-1513 Security Advisory
> 
> Dear Dennis:
> 
>      The hotfix download and installation process is quite long and
> complicated for the general users who are not developers.  Why don't you
> just create a new version with the hotfix already included much easier
> to download.  I've lost several documents that showed as corrupt when I
> tried to reopen them,  then I suspected that something like this was
> happening, so I deleted them from my computer.
> 
>       Thank you for your kind concern,  Please let me know if you create
> such new version!
> 
> Truly yours,
> 
> 
> 
>       Rodrigo.
[orcmid] 

Thank you for the feedback, Rodrigo.

It may be months before there is a full update for Apache OpenOffice.  The hotfixes are for
those able to make use of them in the meantime.  The reason we make the README files available
to be read first is so folks can calibrate whether they want to go through it or not.

With regard to your document corruption experience, that is not the behavior associated with
the CVE-2016-1513 vulnerability.  They were probably damaged in the Save process.  That is
not unknown.

 - Dennis
> 
> 
> On Tue, Aug 30, 2016 at 9:46 AM, Dennis E. Hamilton <orcmid@apache.org
> <mailto:orcmid@apache.org> > wrote:
> 
> 
> 	[BCC PMC]
> 
> 	Today, Version 2.0 of the Advisory for CVE-2016-1513 <tel:2016-
> 1513>  has been issued.
> 
> 	There is now general availability of a Hotfix that can be
> downloaded and applied to installations of Apache OpenOffice 4.1.2.  The
> Hotfix details can be found at
> 	<http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html
> <http://archive.apache.org/dist/openoffice/4.1.2-patch1/hotfix.html> >.
> 
> 	Please review the README instructions before deciding to download
> and apply the Hotfix.
[ ... ]



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@openoffice.apache.org
For additional commands, e-mail: dev-help@openoffice.apache.org


Mime
View raw message