oss-security - Re: [Officesecurity] Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <1338285169.4437.2.camel@Brinn>
Date: Tue, 29 May 2012 10:52:49 +0100
From: Caolán McNamara <caolanm@...hat.com>
To: oss-security@...ts.openwall.com
Cc: "Apache OpenOffice.Org Security Team"
 <ooo-security@...ubator.apache.org>,
        LibreOffice Security Team
 <officesecurity@...ts.freedesktop.org>,
        Florian Weimer <fw@...eb.enyo.de>, David Tardon <dtardon@...hat.com>
Subject: Re: [Officesecurity] Kind request to update upstream CVE-2012-2334
 advisories they to reflect arbitrary code execution possibility too and OSS
 list notification

On Mon, 2012-05-28 at 17:09 +0200, Jan Lieskovsky wrote:
> For what is related against upstream patches -- upon testing we can confirm,
> the original ones were complete and this is in no way a new security flaw.

...

> But something, which got corrected upstream in previous release(s), and
> should mention possibility of arbitrary code execution too in order to properly
> describe this deficiency.
> 
> OpenOffice.org / LibreOffice upstreams - please update your advisories to
> reflect this if possible yet.

Done, for LibreOffice, updated description to reflect overflow
possibilities.

C.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.