Two points I want to make.
The PDF instructions WERE adequate but misleading. I agree with John, it
should be more straight-forward or installable.
One trick I learned years ago: Always put the program files where YOU
want them, not where the installer normally puts them.
MY OOa Files are in a folder named Office. Easy to keep track of new or
replaced files.
I found unordfmi.dll easily, (due to prior experiences, I renamed the
file adding unordfmi.dll.OLD to the extention,just-in-case).
I copied the new unordfmi.dll to the same folder and that was that - no
complaining from the system.
Take Care,
Scooter
-------- Original Message --------
Subject: Re: CVE-2012-0037: OpenOffice.org data leakage vulnerability
Date: Sun, 25 Mar 2012 19:59:56 +1100
From: Martin Groenescheij <[email protected]>
Reply-To: [email protected]
To: [email protected]
Hi Boiling John,
You could be a little more polite, keep in mind
that Rob provide this patch to protect or security.
The instructions are clear and I didn't had a
problem to install it.
Martin
On 25/03/2012 5:18 PM, John Boyle wrote:
On 3/22/2012 6:16 AM, Rob Weir wrote:
Please note, this is the official security
bulletin, targeted for
security professionals. If you are an
OpenOffice.org 3.3 user, and
are able to apply the mentioned patch, then you
are encouraged to do
so. If someone else supports or manages your
desktop, then please
forward this information to them.
Additional support is available on our
Community Forums:
http://user.services.openoffice.org/
And via our ooo-users mailing list:
http://incubator.apache.org/openofficeorg/mailing-lists.html#users-mailing-list
Note: This security patch for OpenOffice.org
is made available to
legacy OpenOffice.org users as a service by the
Apache OpenOffice
Project Management Committee. The patch is
made available under the
Apache License, and due to its importance, we
are releasing it outside
of the standard release cycle.
-Rob
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
CVE-2012-0037: OpenOffice.org data leakage
vulnerability
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected: OpenOffice.org 3.3 and 3.4
Beta, on all platforms.
Earlier versions may be also affected.
Description: An XML External Entity (XXE)
attack is possible in the
above versions of OpenOffice.org. This
vulnerability exploits the way
in
which external entities are processed in
certain XML components of ODF
documents. By crafting an external entity to
refer to other local
file system
resources, an attacker would be able to inject
contents of other
locally- accessible files into the ODF
document, without the user's
knowledge or permission. Data leakage then
becomes possible when that
document is later distributed to other parties.
Mitigation: OpenOffice.org 3.3.0 and 3.4 beta
users should install the
patch at:
http://www.openoffice.org/security/cves/CVE-2012-0037.html
This vulnerability is also fixed in Apache
OpenOffice 3.4 dev
snapshots since March 1st, 2012.
Source and Building: Information on obtaining
the source code for this
patch, and for porting it or adapting it to
OpenOffice.org derivatives
can be found here:
http://www.openoffice.org/security/cves/CVE-2012-0037-src.txt
Credit: The Apache OpenOffice project
acknowledges and thanks the
discoverer of this issue, Timothy D. Morgan of
Virtual Security
Research, LLC.
References: http://security.openoffice.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iQIcBAEBCgAGBQJPayGmAAoJEGFAoYdHzLzHJVcP/jXzY+ROwPTAaSItCc4GAn2q
Gm3uL9D9aRrs/pp+sofRkF9L3nyWEyyVfvZv6+IBrqOU/2Tu1CD8cY6Kns1ZYxVO
ZRDiR5hhr3pA6KfWlb9W9it/8JsTF7WZfTX0uRMPXCYlJuYQ38Nl7kloPYswXG2w
By2J19VanlHuwLQJoNV08652HBDy2Xpa6Wk7N5NoyETILOS47QTgizjAYZ2AY0GE
ykBFu9A9yblLM5zftuMT/4FxkHQ8Qx5I3NmV3V8cUgJlmbc2oscsC23iIPcoulJF
GSn8tub/e47xzgpJy69NoHgzmb6Ou+J3BDXr0kmH008P6FaTpTgPTltZ8Fcua+T2
JSWjzW5IBOW/20J9RN+5lkDJQTY5FiqqpjV7H6bZV3+MVx3Fk/ih1uJPr2cVZqaT
pDU5xtn79py7MNsmpjnzD7mPbdiA2OfStzFpqUM60HOki7RgGpozvUPEvA0uIss9
X/jP1KixPDdbGS2fMrM7KG9mnT8BOzwow0Vti7alP2x2BkTXZm2K/qflXJDFCxTn
g23OJIxlnhC8cK4etyezWNMSya4LLMgz6ZO+TEdvCSaaF6b3t6seskgnFAMcdPHY
bkfzzYnACtrvQAmRQ1Nn4i1yFGAY+cTE7sUO2NcFhHn6jXaiZFEatdh4XJEEcTXl
OZE/3v6XnehMD/32kipa
=/qce
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
For additional commands, e-mail:
[email protected]
To Rob Weir: I have been a user of computers
since the TRS 80 from Tandy and a user of
OpenOffice for I don't know how many years! The
asinine patch that was put out to be installed
was badly done and I cannot use it whatsoever!
Now, if someone cannot get it to their heads
that a patch must be a simple install from the
get go, then they are going to lose users of
open office for their arrogance. A four-part
Idiotic message claiming to give you a patch is
actually totally worthless! Have you ever heard
of the DUMMIES books and method of approach to
this problem?:-( :-( :-(
---------------------------------------------------------------------
To unsubscribe, e-mail:
[email protected]
For additional commands, e-mail:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
