In reply to Don,

FWIW, On the topic of updates
...
Some of the external software that is bundled has security issues.  I
put together a patch for nss here:
<https://bz.apache.org/ooo/show_bug.cgi?id=126891>.

The version of libxml currently bundled also has a lot of known
vulnerabilities.  I'm currently testing a patch.

These both need review and testing.

The versions of openssl and curl badly need updating for the same
reason, and there is one CVE for serf.

FreeBSD casually keeps some backported updates for the same openssl version AOO uses:

https://svnweb.freebsd.org/base/stable/9/crypto/openssl/?view=log

It should be pretty straightforward to take them from there and use them into
main/openssl with minor adaptions.

Pedro.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@openoffice.apache.org
For additional commands, e-mail: dev-h...@openoffice.apache.org

Reply via email to