Is there another thread where people can be rude and argue? I don't like that cluttering up my inbox.
On Sun, Mar 25, 2012 at 8:13 PM, John Boyle <[email protected]> wrote:

> On 3/25/2012 1:59 AM, Martin Groenescheij wrote:
>
>> Hi Boiling John,
>>
>> You could be a little more polite, keep in mind that Rob provided this
>> patch to protect our security.
>> The instructions are clear and I didn't have a problem installing it.
>>
>> Martin
>>
>> On 25/03/2012 5:18 PM, John Boyle wrote:
>>
>>> On 3/22/2012 6:16 AM, Rob Weir wrote:
>>>
>>>> Please note, this is the official security bulletin, targeted for
>>>> security professionals. If you are an OpenOffice.org 3.3 user, and
>>>> are able to apply the mentioned patch, then you are encouraged to do
>>>> so. If someone else supports or manages your desktop, then please
>>>> forward this information to them.
>>>>
>>>> Additional support is available on our Community Forums:
>>>>
>>>> http://user.services.openoffice.org/
>>>>
>>>> And via our ooo-users mailing list:
>>>>
>>>> http://incubator.apache.org/openofficeorg/mailing-lists.html#users-mailing-list
>>>>
>>>> Note: This security patch for OpenOffice.org is made available to
>>>> legacy OpenOffice.org users as a service by the Apache OpenOffice
>>>> Project Management Committee. The patch is made available under the
>>>> Apache License, and due to its importance, we are releasing it outside
>>>> of the standard release cycle.
>>>>
>>>> -Rob
>>>>
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA512
>>>>
>>>> CVE-2012-0037: OpenOffice.org data leakage vulnerability
>>>>
>>>> Severity: Important
>>>>
>>>> Vendor: The Apache Software Foundation
>>>>
>>>> Versions Affected: OpenOffice.org 3.3 and 3.4 Beta, on all platforms.
>>>> Earlier versions may be also affected.
>>>>
>>>> Description: An XML External Entity (XXE) attack is possible in the
>>>> above versions of OpenOffice.org. This vulnerability exploits the way
>>>> in which external entities are processed in certain XML components of
>>>> ODF documents. By crafting an external entity to refer to other local
>>>> file system resources, an attacker would be able to inject contents of
>>>> other locally-accessible files into the ODF document, without the
>>>> user's knowledge or permission. Data leakage then becomes possible
>>>> when that document is later distributed to other parties.
>>>>
>>>> Mitigation: OpenOffice.org 3.3.0 and 3.4 beta users should install the
>>>> patch at: http://www.openoffice.org/security/cves/CVE-2012-0037.html
>>>>
>>>> This vulnerability is also fixed in Apache OpenOffice 3.4 dev
>>>> snapshots since March 1st, 2012.
>>>>
>>>> Source and Building: Information on obtaining the source code for this
>>>> patch, and for porting it or adapting it to OpenOffice.org derivatives
>>>> can be found here:
>>>> http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt
>>>>
>>>> Credit: The Apache OpenOffice project acknowledges and thanks the
>>>> discoverer of this issue, Timothy D. Morgan of Virtual Security
>>>> Research, LLC.
>>>>
>>>> References: http://security.openoffice.org
>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: ooo-users-unsubscribe@incubator.apache.org
>>>> For additional commands, e-mail: ooo-users-help@incubator.apache.org
>>>>
>>> To Rob Weir: I have been a user of computers since the TRS 80 from
>>> Tandy and a user of OpenOffice for I don't know how many years! The
>>> asinine patch that was put out to be installed was badly done and I
>>> cannot use it whatsoever! Now, if someone cannot get it to their heads
>>> that a patch must be a simple install from the get go, then they are
>>> going to lose users of open office for their arrogance. A four-part
>>> Idiotic message claiming to give you a patch is actually totally
>>> worthless! Have you ever heard of the DUMMIES books and method of
>>> approach to this problem? :-( :-( :-(
>>>
>>
> To Rob and Martin: I had no intention of being Impolite, but I never
> found any third page I keep hearing about and cannot figure how to install
> the patch! I was just asking if there wasn't a simpler way or where the
> heck was the patch at? I can't figure it out from what you've gotten And I
> started with computers on a TRS 80 computer. I simply would like to get my
> OpenOffice patched correctly and am asking if it's at all possible? :-\
>

--
Peace,
Stacie M. Jones
~"Lokaa samastaa sukhino bhavantu,"~
"May all worlds be happy."
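
The bulletin quoted in this thread describes external entities in the XML components of an ODF document pulling in local files. As an added example (not part of the thread, the bulletin or the Apache OpenOffice patch), this Python check lists external entity declarations found in an ODF package before it is opened or forwarded; the function names, the scanned extensions, the size cap and the sample document are assumptions constructed for illustration.

```python
import io
import re
import zipfile

MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumed cap; guards against oversized members

# <!ENTITY name SYSTEM "uri"> or <!ENTITY % name PUBLIC "pubid" "uri">
ENTITY_RE = re.compile(r'<!ENTITY\s+(?:%\s+)?(\S+)\s+(SYSTEM|PUBLIC)\s+([^>]*)>')
QUOTED_RE = re.compile(r'"[^"]*"|\'[^\']*\'')


def _to_text(raw):
    """Decode a member so UTF-16 content cannot slip past a byte-level match."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def find_external_entities(odf_bytes):
    """Return (member, entity name, keyword, system id) for each external entity."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith((".xml", ".rdf")):
                continue
            with zf.open(info) as fh:
                text = _to_text(fh.read(MAX_MEMBER_BYTES))
            for m in ENTITY_RE.finditer(text):
                ids = QUOTED_RE.findall(m.group(3))
                system_id = ids[-1][1:-1] if ids else ""
                findings.append((info.filename, m.group(1), m.group(2), system_id))
    return findings


def build_sample(with_entity):
    """Constructed ODF-like package; the file URI is a placeholder, not a real path."""
    doctype = ('<!DOCTYPE m [<!ENTITY leak SYSTEM '
               '"file:///constructed/placeholder.txt">]>') if with_entity else ""
    body = "&leak;" if with_entity else "plain text"
    meta = '<?xml version="1.0"?>' + doctype + "<m>" + body + "</m>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        zf.writestr("meta.xml", meta)
    return buf.getvalue()


if __name__ == "__main__":
    for hit in find_external_entities(build_sample(True)):
        print("external entity:", hit)
```

A hit is a reason to hold the file for review; an empty result only means no external entity declaration was found in the scanned members, so it complements the patch rather than replacing it.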
