Why is it that "security advisories" such as this: https://www.libreoffice.org/advisories/CVE-2012-0037/
are not posted on the user or announce lists? The only way I found out about this was via a Redhat bug report: https://bugzilla.redhat.com/show_bug.cgi?id=791296 [Bug 791296 - (CVE-2012-0037) CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files ] And then later on the ApacheOOO user list: <http://permalink.gmane.org/gmane.comp.apache.incubator.ooo.user/866> It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and announce lists. -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
