CVE-2013-4156: OpenOffice DOCM Memory Corruption Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2013-4156 OpenOffice DOCM Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 and 3.4.1, on all platforms. Predecessor versions of OpenOffice.org may be also affected. Description: The vulnerability is caused by mishandling of unknown XML elements when parsing a OOXML document file. Specially crafted documents can be used for memory-corruption attacks. Further exploits are possible but have not been verified. Mitigation Apache OpenOffice 3.4.0 and 3.4.1 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents. Credits The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw. Herbert Dürr Member of the Apache OpenOffice Security Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJR8g+LAAoJEDfnuKc+PLjJPmkP/j3BnqefvmPbTicx8cZR+Q+I Y0EqD/2Kvu0qQw6v7S27CnHVpErh9tvEfDViZpXz8hyds3LgVCxOQjFp+XSqvDTW Ut4Ug1tx7N8+RcpTW7qM0/wRRWdjZIdh8sTrtkB93bqbJguLiYk3KWqK2cxW11q6 1fQitnAegZNRVZnSU0rGGVfnc26ulvS0gljpNqhvDit9jOXw5MC+aN05XmCrx/qK NrGUUPJeiyi/5g0xxx4ig/N0/EvO1iZmQAGEE7O24tsoP1hqvuySI0U1kLIhI//x ZdeK4JukZm2OQq0ACXJYhrU0mhfCfdaRW0U4NWiTpBbwfsn0uAMPBhXSO9O+YPQj sWUzLixEg+4EtTQss9oGW+CBaZz+HfErIIUj2rxT01SDlbcfa4ME5giFGC0UO9Ai 1N+GHd8IyWegwUBWV3FSZ9fCbDjaQUCv8cYN3zMo/xl/AsA9LKEsJ0l51B1WnHnY nwoXunUdgUL06blCZ4rwTzoFqSSPrCBDb/ff/PREGvJU4LOFTp6IrxgDH3ODSAE4 jOMuFCjhdDnx7WWDwxi9JnBYE4CwXmhlYNdSdie4pUP6BAq4e2I6kYRkKA3rWf2h CEj1FreYvaYV4OFVcF8wVpP1w5vFgOlOKOy19Y/gP5B29qe2O5qIrFmnx8gPV2iV 7kLeWn4ZPoGXoPkC3TYa =4hNB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
CVE-2013-2189: OpenOffice DOC Memory Corruption Vulnerability
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2013-2189 OpenOffice DOC Memory Corruption Vulnerability Severity: Important Vendor: The Apache Software Foundation Versions Affected: Apache OpenOffice 3.4.0 to 3.4.1 on all platforms. Predecessor versions of OpenOffice.org may be also affected. Description: The vulnerability is caused by operating on invalid PLCF (Plex of Character Positions in File) data when parsing a malformed DOC document file. Specially crafted documents can be used for denial-of-service attacks. Further exploits are possible but have not been verified. Mitigation: Apache OpenOffice 3.4 users are advised to upgrade to Apache OpenOffice 4.0. Users who are unable to upgrade immediately should be cautious when opening untrusted documents. Credits: The Apache OpenOffice Security Team credits Jeremy Brown of Microsoft Vulnerability Research as the discoverer of this flaw. Herbert Dürr Member of the Apache OpenOffice Security Team -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJR8g9+AAoJEDfnuKc+PLjJbqIP/2PaWKJvwYVXOmr33gVD4Kpx Q2zzCfK/je3rJmK6PAfJpGB2ooKim00/Q/+G+gYvvi+35NQLk2dgfynkdhRiQP59 9DaPeNC7NDAjDgIk+8hC/reKmwfqdyyMj0FU/NwIIjEsMPMzKl3Vc1svEN9vz5GN lc3fLORH5GPUVZkwJfV+C+CyBCLk3Yurxd4GNTBpqFKmbR7ENQmKPAmH5gEMIZO7 iCSzGK4terEUjUtAmvHy4yFlZtHz33XgvMZZrbE92y7ppoury8ZN4mb42vAowTDQ +JSGtBKCGPDQRaoDOJdwhafgFcnRu10sJbUtYMmSy9qcZNq6JFHe2aR7+j9h0pN+ c85HgwM/NyCjmw8y5EhD+3Cjwc6AlF9olekPSUui7x+6svDj3uVSM4/tpg/pPXLn 0SLB8r6BrxfP5naqMFwISdbSZaQiGuV3JvFhz7VB6k8tMuzIgI8Huw9IT28LP34F Yxn2VCvzHpZOpWHB9lYORxn1GI+WlrSrKvbaZYUOnBm8fniLHuRSSrra+IWOZqjW UbCko1gtr0A0b9HEeuVVeJAKyXEL52hUUJ2RmZfGJdWGLC/k/8i+s4Ppvqzmf3r2 ujAfn89Vhk12cAb5NXidV4Nh8Ko82Ow32GBBHlavPHX5T5LVnGNa6CWGoctuQGru T6rrd/hV6DXtMmgWPTPH =t46D -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: doc/docx/ppt/pptx to pdf problem (OpenOffice.org 3.4.1 on Debian 6 Squeeze)
Your question was related to converting doc/docx/ppt/pptx files to pdf files using OpenOffice? Inserting a row is a different issue. Where do you want to insert the row, in OpenOffice or in PDF? Be more specific. On 26/07/2013 3:24 PM, chse...@yahoo.com wrote: No matter what I do the program will not insert a row and I need that to work. How can we fix it? Sent from Windows Mail From: Martin Groenescheij Sent: Thursday, July 25, 2013 11:11 PM To: users@openoffice.apache.org Cc: mar...@groenescheij.com You should install AOO 4.0 which has a better import filter then the version you use at the moment. On 26/07/2013 10:49 AM, leipan1989 wrote: Hello everyone, I have a question. I tried to convert the doc/docx/ppt/pptx files to pdf files on Debian 6 Squeeze with OpenOffice SDK and JODConveter,but I found that some of the diagrams and formulas cannot be converted. I tried to find the answer on the Internet. Some people said that the perfect conversion is impossible, because the Office documents are not fully compatible with OpenOffice documents Is there any solutions? Thank you very much. Yours, Pan - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: doc/docx/ppt/pptx to pdf problem (OpenOffice.org 3.4.1 on Debian 6 Squeeze)
No matter what I do the program will not insert a row and I need that to work. How can we fix it? Sent from Windows Mail From: Martin Groenescheij Sent: Thursday, July 25, 2013 11:11 PM To: users@openoffice.apache.org Cc: mar...@groenescheij.com You should install AOO 4.0 which has a better import filter then the version you use at the moment. On 26/07/2013 10:49 AM, leipan1989 wrote: > Hello everyone, > > I have a question. > I tried to convert the doc/docx/ppt/pptx files to pdf files on Debian 6 > Squeeze with OpenOffice SDK and JODConveter,but I found that some of the > diagrams and formulas cannot be converted. I tried to find the answer on > the Internet. Some people said that the perfect conversion is impossible, > because the Office documents are not fully compatible with OpenOffice > documents > Is there any solutions? > Thank you very much. > > > Yours, > Pan > - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: doc/docx/ppt/pptx to pdf problem (OpenOffice.org 3.4.1 on Debian 6 Squeeze)
You should install AOO 4.0 which has a better import filter then the version you use at the moment. On 26/07/2013 10:49 AM, leipan1989 wrote: Hello everyone, I have a question. I tried to convert the doc/docx/ppt/pptx files to pdf files on Debian 6 Squeeze with OpenOffice SDK and JODConveter,but I found that some of the diagrams and formulas cannot be converted. I tried to find the answer on the Internet. Some people said that the perfect conversion is impossible, because the Office documents are not fully compatible with OpenOffice documents Is there any solutions? Thank you very much. Yours, Pan - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
doc/docx/ppt/pptx to pdf problem (OpenOffice.org 3.4.1 on Debian 6 Squeeze)
Hello everyone, I have a question. I tried to convert the doc/docx/ppt/pptx files to pdf files on Debian 6 Squeeze with OpenOffice SDK and JODConveter,but I found that some of the diagrams and formulas cannot be converted. I tried to find the answer on the Internet. Some people said that the perfect conversion is impossible, because the Office documents are not fully compatible with OpenOffice documents Is there any solutions? Thank you very much. Yours, Pan
Re: FUD right after download
On Tue, Jul 23, 2013 at 4:22 PM, Fernando Cassia wrote: > Oh sweet irony, right after downloading AOO 4.0, and before one even > gets a chance to install it, you get the same FUD review from a LO > zealot as part of the SF.Net redirect to the reviews section... > http://img580.imageshack.us/img580/1351/3ni.png > > (those are SourceForge.net's user-submitted reviews, which shows the > highest scoring review "vs" the lowest scoring one). > > Strangely, it doesn't matter if you select "most helpful" or "sorted > by date" afterwards from the drop down at the bottom of that page, the > displayed reviews do not change, it's always the same 5-star, one-line > review that says "a great alternative" vs the 1-star review full of > AOO FUD from someone who says "use LO instead". Thanks for heads up Fernando, this has been fixed now. See https://sourceforge.net/projects/openofficeorg.mirror/reviews/ Roberto > > I feel tempted to write a one-star review that reads "I'm a > LibreOffice troll and I hate to see AOO 4.0 released!" and see if it > gets displayed :-P. > > FC > -- > During times of Universal Deceit, telling the truth becomes a revolutionary > act > - George Orwell - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: OO site certificate still bad
On Thu, Jul 25, 2013 at 11:06 AM, James Knott wrote: > Rob Weir wrote: >> >> But we are looking into getting a site certificate for >> *.openoffice.org. That would help secure other things, like forum and >> wiki logins, etc. Of course this is not tied to the product release >> schedule. > > > If I'm not mistaken, certificates can be for multiple domains. > Multiple subdomains certainly, thus *.openoffice.org. -Rob > > - > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > For additional commands, e-mail: users-h...@openoffice.apache.org > - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: Still unable to email documents with version 4 upgrade
On Thu, Jul 25, 2013 at 2:44 PM, Fernando Cassia wrote: > > Note that I haven't tried it. But if it does what it claims, then it > should work... Dang, I failed to paste the URL... here it goes again. http://code.google.com/p/tvhgooglemapi/downloads/detail?name=tvhgooglemapisetup-0.4.exe Please report if it works for you. The worst that could happen is that it doesnt work, and you would have to uninstall it. FC -- During times of Universal Deceit, telling the truth becomes a revolutionary act Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario - George Orwell - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: Still unable to email documents with version 4 upgrade
On Tue, Jul 23, 2013 at 8:26 AM, MIKE LISH wrote: > > I use Google for everything, and for any office platform not to recognize > Google email is stone age stuff ! > > Do I need to wait for version 12 before this is sorted?? No. You need to install this software that registers GMail on Windows, so that all applications that can send e-mail will open your web browser with GMail and even add any attachments... Note that I haven't tried it. But if it does what it claims, then it should work... FC -- During times of Universal Deceit, telling the truth becomes a revolutionary act Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario - George Orwell - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: Still unable to email documents with version 4 upgrade
On Wed, Jul 24, 2013 at 8:31 AM, Rob Weir wrote: > A quick search shows there are products out there that claim to add > MAPI support to GMail. I haven't tried any of them to see how they > work with OpenOffice, but this one sounds interesting: > http://www.mapi4gmail.com/ > > Regards, > > -Rob Exactly. That solution you linked, however, is commercial. Here's an open source one, and with an Apache license. Makes GMail a registered MAPI provider on Windows. http://code.google.com/p/tvhgooglemapi/downloads/detail?name=tvhgooglemapisetup-0.4.exe FC -- During times of Universal Deceit, telling the truth becomes a revolutionary act Durante épocas de Engaño Universal, decir la verdad se convierte en un Acto Revolucionario - George Orwell - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: Still unable to email documents with version 4 upgrade
Thanks for your input Shari and for explaining it in such an understanding manner. Regards, Mike Lish On 25 July 2013 17:00, Shari Smith wrote: > Hi Mike, I use Thunderbird imap'd to gMail. The simple answer (and possibly > not technically correct) to your question is that gMail in itself is not a > program, like Microsoft Word is a program. Your computer can be set to open > the file type .doc with a program. As gMail isn't a program, it can't be > select as the "open with." > > When you're working in your browser and offered email, it's your browser > that is handling that, not your system, hence why it can offer the gMail > option. > > I believe a few people have shared some ways around this, so it can be > "made" to do it. I find Thunderbird the easiest, as I use it for my email; > hence why I choose that route. > > > On Wed, Jul 24, 2013 at 6:03 AM, MIKE LISH wrote: > > > All of this seems rather convoluted and complicated. Why can't AOO be > made > > to recognize Google, as it has been made to recognize its compatibility > > with Microsoft .doc etc. etc. instead of pushing blame in Google's > > direction. I find it difficult to accept there is no work around to this > > problem. C'mon! AOO is great in most other ways, and it seems ridiculous > > for it not to recognize Google email! ! > > > > Mike Lish > > > > > > On 23 July 2013 19:03, Dennis E. Hamilton > wrote: > > > > > That's not the issue. Apache OpenOffice does not discriminate on that > > > basis. > > > > > > What is the issue is that Apache OpenOffice uses the on-desktop > protocol > > > for requesting the opening of an e-mail with a given attachment. This > > will > > > usually be whatever is recognized as the default e-mail application on > > the > > > desktop. Google does not provide any kind of desktop presence by which > > > this can be handled. > > > > > > However, it is possible to access Google Mail by standard desktop > e-mail > > > applications, instead of using a browser. *That* software can then be > > > reached by Apache OpenOffice so long as it is capable of being > registered > > > as the default e-mail application. > > > > > > The Microsoft Outlook desktop application will do this -- connect to > > > Google Mail and integrate with Apache OpenOffice. Depending on > operating > > > system, the Windows Live Mail application will also connect to Google > > Mail > > > and also be triggered by Apache OpenOffice. The same should apply for > > > Outlook Express if someone still uses an operating system that has that > > > desktop application. > > > > > > There are some differences in how this works with Windows 8. There is > > > some other thread or perhaps bugzilla issue where that has been > > discussed. > > > > > > - Dennis > > > > > > -Original Message- > > > From: Urmas [mailto:davian...@gmail.com] > > > Sent: Tuesday, July 23, 2013 05:08 AM > > > To: users@openoffice.apache.org > > > Subject: Re: Still unable to email documents with version 4 upgrade > > > > > > I was hoping this upgrade would overcome this frustrating and very > > annoying > > > problem. It does not!! > > > > > > I use Google for everything, and for any office platform not to > recognize > > > Google email is stone age stuff ! > > > > > > Why should OO give a special treatment to a proprietary web service > from > > > 3rd > > > party company? > > > > > > > > > > > > - > > > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > > > For additional commands, e-mail: users-h...@openoffice.apache.org > > > > > > > > > - > > > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > > > For additional commands, e-mail: users-h...@openoffice.apache.org > > > > > > > > >
Re: Still unable to email documents with version 4 upgrade
Hi Mike, I use Thunderbird imap'd to gMail. The simple answer (and possibly not technically correct) to your question is that gMail in itself is not a program, like Microsoft Word is a program. Your computer can be set to open the file type .doc with a program. As gMail isn't a program, it can't be select as the "open with." When you're working in your browser and offered email, it's your browser that is handling that, not your system, hence why it can offer the gMail option. I believe a few people have shared some ways around this, so it can be "made" to do it. I find Thunderbird the easiest, as I use it for my email; hence why I choose that route. On Wed, Jul 24, 2013 at 6:03 AM, MIKE LISH wrote: > All of this seems rather convoluted and complicated. Why can't AOO be made > to recognize Google, as it has been made to recognize its compatibility > with Microsoft .doc etc. etc. instead of pushing blame in Google's > direction. I find it difficult to accept there is no work around to this > problem. C'mon! AOO is great in most other ways, and it seems ridiculous > for it not to recognize Google email! ! > > Mike Lish > > > On 23 July 2013 19:03, Dennis E. Hamilton wrote: > > > That's not the issue. Apache OpenOffice does not discriminate on that > > basis. > > > > What is the issue is that Apache OpenOffice uses the on-desktop protocol > > for requesting the opening of an e-mail with a given attachment. This > will > > usually be whatever is recognized as the default e-mail application on > the > > desktop. Google does not provide any kind of desktop presence by which > > this can be handled. > > > > However, it is possible to access Google Mail by standard desktop e-mail > > applications, instead of using a browser. *That* software can then be > > reached by Apache OpenOffice so long as it is capable of being registered > > as the default e-mail application. > > > > The Microsoft Outlook desktop application will do this -- connect to > > Google Mail and integrate with Apache OpenOffice. Depending on operating > > system, the Windows Live Mail application will also connect to Google > Mail > > and also be triggered by Apache OpenOffice. The same should apply for > > Outlook Express if someone still uses an operating system that has that > > desktop application. > > > > There are some differences in how this works with Windows 8. There is > > some other thread or perhaps bugzilla issue where that has been > discussed. > > > > - Dennis > > > > -Original Message- > > From: Urmas [mailto:davian...@gmail.com] > > Sent: Tuesday, July 23, 2013 05:08 AM > > To: users@openoffice.apache.org > > Subject: Re: Still unable to email documents with version 4 upgrade > > > > I was hoping this upgrade would overcome this frustrating and very > annoying > > problem. It does not!! > > > > I use Google for everything, and for any office platform not to recognize > > Google email is stone age stuff ! > > > > Why should OO give a special treatment to a proprietary web service from > > 3rd > > party company? > > > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > > For additional commands, e-mail: users-h...@openoffice.apache.org > > > > > > - > > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > > For additional commands, e-mail: users-h...@openoffice.apache.org > > > > >
Re: OO site certificate still bad
Rob Weir wrote: But we are looking into getting a site certificate for *.openoffice.org. That would help secure other things, like forum and wiki logins, etc. Of course this is not tied to the product release schedule. If I'm not mistaken, certificates can be for multiple domains. - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: OO site certificate still bad
On Thu, Jul 25, 2013 at 10:02 AM, James Knott wrote: > A while ago, I mentioned the ssl certificate is not valid. It's valid only > for Apache. It still hasn't been fixed. This will dissuade those who use > ssl from downloading. > Dissuade? Yesterday we saw a record one-day total of 205,202 downloads of AOO. This breaks our previous one-day record of 197,479 which was set August 30th, 2012. I'm not sure we could handle much more traffic ;-) But we are looking into getting a site certificate for *.openoffice.org. That would help secure other things, like forum and wiki logins, etc. Of course this is not tied to the product release schedule. Regards, -Rob > > - > To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org > For additional commands, e-mail: users-h...@openoffice.apache.org > - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
OO site certificate still bad
A while ago, I mentioned the ssl certificate is not valid. It's valid only for Apache. It still hasn't been fixed. This will dissuade those who use ssl from downloading. - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
Re: OpenOffice 3.4
On Wed, 24 Jul 2013 08:23:44 -0700 (PDT) jim shepard wrote: > 3.4 is opening on Windows startup. How do I turn that off? My operating > system is XP. > If I remember correcty this was a bug on an earlier version of 3,4 (or was it 3.3?) and was cured by /Tools /Options /OpenOffice.org :Memory and unchecking "Enable systray Quickstarter", It was cured in the later revision (certainly 3.4.1), but you should consider upgrading to AOO 4.0. the latest revision. -- Rory O'Farrell - To unsubscribe, e-mail: users-unsubscr...@openoffice.apache.org For additional commands, e-mail: users-h...@openoffice.apache.org
