Dan Lewis wrote:
On Thu, 2012-03-22 at 15:17 -0700, Terry wrote:
This quote from the page mentioned by Rob:
<quote>Linux and other platforms should consult their distro or OS vendor for patch
instructions.</quote>
My distro doesn't support OpenOffice; most, I gather, don't.
----- Original Message -----
From: NoOp <[email protected]>
To: [email protected]
Cc:
Sent: Friday, 23 March 2012 5:13 AM
Subject: Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/22/2012 06:16 AM, Rob Weir wrote:
Please note, this is the official security bulletin, targeted for
security professionals. If you are an OpenOffice.org 3.3 user, and
are able to apply the mentioned patch, then you are encouraged to
do so. If someone else supports or manages your desktop, then
please forward this information to them.
...
Where are the linux patches? I could only find Window and Mac:
<http://www.eng.lsu.edu/mirrors/apache//incubator/ooo/3.3/patches/cve-2012-0037/>
There is still a group of people using linux who have been ignored:
the people who have downloaded their copy of OOo from the OOo website. I
fall into this category.
Seems to me that if you are going to issue patches for Windows and
OSX for which you provide downloads from your website, you should
provide a patch for the rest of the versions available as binaries for
downloading from it.
As far as compiling the patch, how many of the group I mentioned
know how to compile the patches for their version? I don't, and likely
many others don't either. In fact, I have never been able to compile any
program following directions. I always have gotten one or more errors
and not known what had caused the mistake nor how to fix it. That is why
I download and install binaries.
Fortunately for me, I have already downloaded from the BuildBot on
3/10/12 so I've gotten the patch applied.
--Dan
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
Dan,
First, I must divulge that I am a retired software/hardware engineer, so I do have experience in compiling programs under Linux. Some time ago, I did compile OO.o 2.x for my Slackware Linux workstation, which does not come with OO.o support. Although I didn't have any errors. it took about 3 hours to do so on my 1.2GHz 1GB Athlon system, so I have since been repackaging the downloaded OO.o binary packages into Slackware packages for installation.
So, I too am in the class of Linux users who download the binary OO.o and are left out in
the cold with this new scary Apache policy. It deeply concerns me that there is any
"discussion" at all regarding Linux support. Although it may not be intended,
it appears to me that Apache is cutting off the *nix limb of the OO.o tree. That does
not bode well for us Linux users who have grown dependent on OO.o for maintaining our
documents and, more importantly and more critical to me, our database forms and reports.
It makes me want to look for another Open Document office suite. Instead of being loyal
to OO.o (aka AOO now) maybe I should take another look at LO...
I will at least be watching this issue closely and how Apache reacts.
Girvin Herr
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
