On 05/16/2012 08:57 AM, Caolán McNamara wrote:
> https://www.libreoffice.org/advisories/
>
> CVE-2012-1149 Integer overflows in graphic object loading
>
> An integer overflow vulnerability in LibreOffice graphic loading code
> could allow a remote attacker to cause a denial of service (application
> crash) or potentially execute arbitrary code on vulnerable
> installations of LibreOffice.
>
> Thanks to Tielei Wang via Secunia SVCRP for reporting this flaw. Users
> are recommended to upgrade to 3.5.3 to avoid this flaw
>
> CVE-2012-2334 Denial of Service with malformed .ppt files
>
> Reading invalid record lengths in LibreOffice powerpoint (escher)
> import code could allow a remote attacker to cause a denial of service
> (application crash) on vulnerable installations of LibreOffice.
>
> Thanks to Sven Jacobi for reporting this flaw. Users are recommended to
> upgrade to 3.5.3 to avoid this flaw
>
> C.

Thanks for posting that - it's very much appreciated. Any idea if 3.5.3 also addresses this one that also came out today?

http://www.openoffice.org/security/cves/CVE-2012-2149.html

LO 3.5.3.2 still has a filter for WPD files, and it would be very nice if it continued to do so if the filter can be patched rather than removed like AOO.

Thanks
Gary Lee