Hi :)
I think it would be good to post it here too.  

It's unusual for LibreOffice to suffer anything like it.  In almost any other 
program it wouldn't have even been reported as it's so trivial.  Just another 
patch for just another unlikely exploit.  You basically have to be passing the 
document backwards and forwards without changing formats with someone you 
think of as reasonably friendly but who is actually fairly evil and who has a 
fairly unusually high skill level and knowledge-base.  I think the "not 
changing formats" part of that is fairly unlikely at the moment.  Their skill 
level is an issue too.  Perhaps most people on this list could do it fairly 
easily but the average skill level here is far higher than the vast majority of 
office workers.  

With LO or other OpenSource programs such things are rare enough that they 
become big News stories.  
Regards from
Tom :)


--- On Fri, 23/3/12, Dennis E. Hamilton <dennis.hamil...@acm.org> wrote:

From: Dennis E. Hamilton <dennis.hamil...@acm.org>
Subject: RE: [libreoffice-users] CVE-2012-0337
To: users@global.libreoffice.org
Date: Friday, 23 March, 2012, 17:13

This was a common vulnerability in software having lineage from OpenOffice 3.x, 
where it was introduced as part of support for features that are new in ODF 1.2.

I have provided an unofficial, personal analysis on the ooo-users list.  See 
<http://mail-archives.apache.org/mod_mbox/incubator-ooo-users/201203.mbox/%3c008c01cd08af$dd22b230$97681690$@acm.org%3e>. 
 (I considered posting that here, but wasn't sure if it would be seen as 
appropriate.)

 - Dennis



-----Original Message-----
From: Nino Novak [mailto:nn.l...@kflog.org] 
Sent: Friday, March 23, 2012 06:29
To: users@global.libreoffice.org
Subject: Re: [libreoffice-users] CVE-2012-0337

Hi Dan,

On Friday 23 March 2012, 08:53:54 Dan Lewis wrote:
> On Fri, 2012-03-23 at 08:10 -0400, drew jensen wrote:
> > On Fri, 2012-03-23 at 07:55 -0400, Dan Lewis wrote:

>  ...  [vague security announcements]
>      What security issues? I'm not sure I know from what I read.

I tend to share your wish for clearer information here.


>      Another thing that comes from trying to find this information: What
> is a link that I can use to list my concerns or other comments about the
> layout of the LO website?

As the project is self-organized, I'd suggest raising your concerns on the 
website[1] list. There's also a more formal procedure to file an issue in 
bugzilla[2] (component WWW).

HTH Nino

[ ... ]


-- 
For unsubscribe instructions e-mail to: users+h...@global.libreoffice.org
Problems? http://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: http://wiki.documentfoundation.org/Netiquette
List archive: http://listarchives.libreoffice.org/global/users/
All messages sent to this list will be publicly archived and cannot be deleted
