[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2019-06-08 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #18 from Cor Nouws  ---
In bug 120269 I've proposed to work on a better warning.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2019-06-08 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

Cor Nouws  changed:

   What|Removed |Added

   See Also||https://bugs.documentfounda
   ||tion.org/show_bug.cgi?id=12
   ||0269

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2019-06-07 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

QA Administrators  changed:

   What|Removed |Added

 Status|NEEDINFO|RESOLVED
 Resolution|--- |INSUFFICIENTDATA

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2019-06-07 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #17 from QA Administrators  ---
Dear Gabor Kelemen,

Please read this message in its entirety before proceeding.

Your bug report is being closed as INSUFFICIENTDATA due to inactivity and
a lack of information which is needed in order to accurately
reproduce and confirm the problem. We encourage you to retest
your bug against the latest release. If the issue is still
present in the latest stable release, we need the following
information (please ignore any that you've already provided):

a) Provide details of your system including your operating
   system and the latest version of LibreOffice that you have
   confirmed the bug to be present

b) Provide easy to reproduce steps – the simpler the better

c) Provide any test case(s) which will help us confirm the problem

d) Provide screenshots of the problem if you think it might help

e) Read all comments and provide any requested information

Once all of this is done, please set the bug back to UNCONFIRMED
and we will attempt to reproduce the issue. Please do not:

a) respond via email 

b) update the version field in the bug or any of the other details
   on the top section of our bug tracker

Warm Regards,
QA Team

MassPing-NeedInfo-FollowUp

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2019-05-08 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #16 from QA Administrators  ---
Dear Bug Submitter,

This bug has been in NEEDINFO status with no change for at least
6 months. Please provide the requested information as soon as
possible and mark the bug as UNCONFIRMED. Due to regular bug
tracker maintenance, if the bug is still in NEEDINFO status with
no change in 30 days the QA team will close the bug as INSUFFICIENTDATA
due to lack of needed information.

For more information about our NEEDINFO policy please read the
wiki located here:
https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO

If you have already provided the requested information, please
mark the bug as UNCONFIRMED so that the QA team knows that the
bug is ready to be confirmed.

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-NeedInfo-Ping

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-11-05 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #15 from Xisco Faulí  ---
(In reply to Thorsten Behrens (CIB) from comment #14)
> (In reply to Cor Nouws from comment #13)
> > (In reply to Gabor Kelemen from comment #0)
> > > ...
> > > I don't think this warning alone is enough. Scrubbing the sensitive data
> > > would be a minimum.
> 
> But that is not actionable I'm afraid (and also defeats the purpose of this
> feature, which originally came from QA).
> 
> I see two ways forward:
> * improve what we have (extra warnings, hide the feature some more) within
> the scope of this bug
> * file a separate enhancement issue, that will then need UX (and other
> stakeholder) input, if/how/whether this can be implemented entirely
> differently
> 
> Back to NEEDINFO.

@Gabor, could you please answer Thorsten's comment above ?

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-11-02 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

Thorsten Behrens (CIB)  changed:

   What|Removed |Added

 Status|NEW |NEEDINFO

--- Comment #14 from Thorsten Behrens (CIB)  ---
(In reply to Cor Nouws from comment #13)
> (In reply to Gabor Kelemen from comment #0)
> > ...
> > I don't think this warning alone is enough. Scrubbing the sensitive data
> > would be a minimum.

But that is not actionable I'm afraid (and also defeats the purpose of this
feature, which originally came from QA).

I see two ways forward:
* improve what we have (extra warnings, hide the feature some more) within the
scope of this bug
* file a separate enhancement issue, that will then need UX (and other
stakeholder) input, if/how/whether this can be implemented entirely differently

Back to NEEDINFO.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-11-02 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

Cor Nouws  changed:

   What|Removed |Added

 Status|NEEDINFO|NEW

--- Comment #13 from Cor Nouws  ---
(In reply to Xisco Faulí from comment #11)
> Dear Gabor Kelemen,
> Could you please provide a better phrase for the UI and set this bug back to
> NEW ?

He suggests more than just a better wording:

(In reply to Gabor Kelemen from comment #0)
> ...
> I don't think this warning alone is enough. Scrubbing the sensitive data
> would be a minimum.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-10-09 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #12 from QA Administrators  ---
Dear Bug Submitter,

This bug has been in NEEDINFO status with no change for at least
6 months. Please provide the requested information as soon as
possible and mark the bug as UNCONFIRMED. Due to regular bug
tracker maintenance, if the bug is still in NEEDINFO status with
no change in 30 days the QA team will close the bug as INSUFFICIENTDATA
due to lack of needed information.

For more information about our NEEDINFO policy please read the
wiki located here:
https://wiki.documentfoundation.org/QA/Bugzilla/Fields/Status/NEEDINFO

If you have already provided the requested information, please
mark the bug as UNCONFIRMED so that the QA team knows that the
bug is ready to be confirmed.

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-NeedInfo-Ping-20181009

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-03-19 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

Adolfo Jayme  changed:

   What|Removed |Added

 Blocks||108571


Referenced Bugs:

https://bugs.documentfoundation.org/show_bug.cgi?id=108571
[Bug 108571] [META] Safe mode bugs and enhancements
-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-02-28 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #11 from Xisco Faulí  ---
(In reply to Thorsten Behrens (CIB) from comment #9)
> As it stands, this bug report does not seem actionable - setting to NEEDINFO
> 
> (ideas how to scrub that is fool-proof, how to better phrase the UI warning
> etc etc needed)

Dear Gabor Kelemen,
Could you please provide a better phrase for the UI and set this bug back to
NEW ?

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-02-26 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

Xisco Faulí  changed:

   What|Removed |Added

 CC||xiscofa...@libreoffice.org

--- Comment #10 from Xisco Faulí  ---
FYI: I'm deleting user profiles I'm finding in Bugzilla as attachments that
might contain sensitive data. If you find any that needs to be deleted, please,
let me know. I'll also add it to the QA script, so I'll be notified when
registrymodifications.xcu is added as attachment in the future...

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-02-23 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

Thorsten Behrens (CIB)  changed:

   What|Removed |Added

 Status|NEW |NEEDINFO
 CC||t...@libreoffice.org

--- Comment #9 from Thorsten Behrens (CIB)  ---
As it stands, this bug report does not seem actionable - setting to NEEDINFO

(ideas how to scrub that is fool-proof, how to better phrase the UI warning etc
etc needed)

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-01-20 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #8 from Cor Nouws  ---
(In reply to Andras Timar from comment #5)
> The problem is that users will press OK, then they will regret later. Their
> data "will be publicly available and cannot be deleted" (quote from our
> bugzilla's front page).
> 
> At least, please document how to disable this feature.

See comment #0 for what will be disclosed when users click OK without searching
through all the lines for sensible data.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2018-01-19 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #7 from QA Administrators  ---
** Please read this message in its entirety before responding **

To make sure we're focusing on the bugs that affect our users today,
LibreOffice QA is asking bug reporters and confirmers to retest open, confirmed
bugs which have not been touched for over a year.

There have been thousands of bug fixes and commits since anyone checked on this
bug report. During that time, it's possible that the bug has been fixed, or the
details of the problem have changed. We'd really appreciate your help in
getting confirmation that the bug is still present.

If you have time, please do the following:

Test to see if the bug is still present with the latest version of LibreOffice
from https://www.libreoffice.org/download/

If the bug is present, please leave a comment that includes the information
from Help - About LibreOffice.

If the bug is NOT present, please set the bug's Status field to
RESOLVED-WORKSFORME and leave a comment that includes the information from Help
- About LibreOffice.

Please DO NOT

Update the version field
Reply via email (please reply directly on the bug tracker)
Set the bug's Status field to RESOLVED - FIXED (this status has a particular
meaning that is not 
appropriate in this case)


If you want to do more to help you can test to see if your issue is a
REGRESSION. To do so:
1. Download and install oldest version of LibreOffice (usually 3.3 unless your
bug pertains to a feature added after 3.3) from
http://downloadarchive.documentfoundation.org/libreoffice/old/

2. Test your bug
3. Leave a comment with your results.
4a. If the bug was present with 3.3 - set version to 'inherited from OOo';
4b. If the bug was not present in 3.3 - add 'regression' to keyword


Feel free to come ask questions or to say hello in our QA chat:
https://kiwiirc.com/nextclient/irc.freenode.net/#libreoffice-qa

Thank you for helping us make LibreOffice even better for everyone!

Warm Regards,
QA Team

MassPing-UntouchedBug

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2017-01-19 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #6 from Samuel Mehrbrodt (CIB)  ---
(In reply to Andras Timar from comment #5)
> The problem is that users will press OK, then they will regret later. Their
> data "will be publicly available and cannot be deleted" (quote from our
> bugzilla's front page).
> 
> At least, please document how to disable this feature.

Which feature?
There is no automatic upload happening. Safe mode just offers to create the zip
file. Users still need to manually send/upload it somewhere.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2017-01-19 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #5 from Andras Timar  ---
The problem is that users will press OK, then they will regret later. Their
data "will be publicly available and cannot be deleted" (quote from our
bugzilla's front page).

At least, please document how to disable this feature.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2017-01-11 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #4 from Cor Nouws  ---
(In reply to Michael Meeks from comment #3)

> "This may include personal details from the settings, and also connection
> details for remote servers"

And the idea is that users (..) then click "OK do send this" :) ?

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2017-01-11 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

--- Comment #3 from Michael Meeks  ---
Does tweaking the legend do it for you ? if so how ? Would a tooltip when you
mouse-over the button/label with some more text:

"This may include personal details from the settings, and also connection
details for remote servers"

Or somesuch work ?

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs

[Libreoffice-bugs] [Bug 104992] Possible information disclosure via Safe Mode

2017-01-11 Thread bugzilla-daemon 
https://bugs.documentfoundation.org/show_bug.cgi?id=104992

Samuel Mehrbrodt (CIB)  changed:

   What|Removed |Added

Summary|Unintended information  |Possible information
   |disclosure via Safe Mode|disclosure via Safe Mode

--- Comment #2 from Samuel Mehrbrodt (CIB)  ---
I removed the "unintended" from the title.
This is by design.

Maybe you have a suggestion how to improve the message? I don't see much we
can/should do here.

-- 
You are receiving this mail because:
You are the assignee for the bug.___
Libreoffice-bugs mailing list
Libreoffice-bugs@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-bugs