Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20141127124339.GB2131@rene-engelhard.de>
Date: Thu, 27 Nov 2014 13:43:39 +0100
From: Rene Engelhard <rene@...ian.org>
To: Alexander Cherepanov <cherepan@...me.ru>
Cc: oss-security@...ts.openwall.com, officesecurity@...ts.freedesktop.org,
	Michael Meeks <michael.meeks@...labora.com>,
	Miklos Vajna <vmiklos@...e.cz>, Moritz Muehlenhoff <jmm@...ian.org>,
	cve-assign@...re.org
Subject: Re: [Officesecurity] CVE Request: LibreOffice --
 several issues

Hi,

On Thu, Nov 27, 2014 at 03:58:42AM +0300, Alexander Cherepanov wrote:
> issues is just the tip of the iceberg. Assuming that many security
> bugs were fixed in current versions of LO the fact that LO in Debian
> Stable isn't updated for a long time probably means that security
> fixes are not marked as such and hence are not backported. Please
> correct me if I'm wrong.

Correct.

Now in the CVE-2014-9093 case (where I got https://bugs.debian.org/771163, sigh,
in addition to your all-in-one and thus bogus in any case
bugs.debian.org/770166) the code is even so much different that I will even succeed backporting
it...

3.x is totally obsolete.
I'd assume anyone who really cares about doing stuff with LO uses wheezy-backpots
(which has a 4.3.3)

Regards,

Rene

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.