Re: [tdf-discuss] Security Advisories
NoOp wrote: Why is it that security advisories such as this: https://www.libreoffice.org/advisories/CVE-2012-0037/ are not posted on the user or announce lists? The only way I found out about this was via a Redhat bug report: https://bugzilla.redhat.com/show_bug.cgi?id=791296 [Bug 791296 - (CVE-2012-0037) CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files ] And then later on the ApacheOOO user list: http://permalink.gmane.org/gmane.comp.apache.incubator.ooo.user/866 It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and announce lists. +1 -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
[tdf-discuss] Security Advisories
Why is it that security advisories such as this: https://www.libreoffice.org/advisories/CVE-2012-0037/ are not posted on the user or announce lists? The only way I found out about this was via a Redhat bug report: https://bugzilla.redhat.com/show_bug.cgi?id=791296 [Bug 791296 - (CVE-2012-0037) CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files ] And then later on the ApacheOOO user list: http://permalink.gmane.org/gmane.comp.apache.incubator.ooo.user/866 It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and announce lists. -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [tdf-discuss] Security Advisories
NoOp wrote: It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and announce lists. It is now reported on the blog post. -- Italo Vignoli - italo.vign...@gmail.com mob +39.348.5653829 - VoIP 5316...@messagenet.it skype italovignoli - gtalk italo.vign...@gmail.com -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted
Re: [tdf-discuss] Security Advisories
On 23 Mar 2012, at 01:26, NoOp wrote: Why is it that security advisories such as this: https://www.libreoffice.org/advisories/CVE-2012-0037/ are not posted on the user or announce lists? The only way I found out about this was via a Redhat bug report: https://bugzilla.redhat.com/show_bug.cgi?id=791296 [Bug 791296 - (CVE-2012-0037) CVE-2012-0037 raptor: XML External Entity (XXE) attack via RDF files ] And then later on the ApacheOOO user list: http://permalink.gmane.org/gmane.comp.apache.incubator.ooo.user/866 It would be nice if someone 'official' (ala TDF) could post the CVE-2012-0037 notice on both the user and announce lists. LibreOffice shares security information with other projects on a mailing list hosted neutrally at freedesktop.org. As I understand it, the embargo on mentioning this CVE was only lifted today, so you've not overlooked it up to now. S. -- Unsubscribe instructions: E-mail to discuss+h...@documentfoundation.org Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette List archive: http://listarchives.documentfoundation.org/www/discuss/ All messages sent to this list will be publicly archived and cannot be deleted