Date: Thu, 27 Nov 2014 13:43:39 +0100 From: Rene Engelhard <rene@...ian.org> To: Alexander Cherepanov <cherepan@...me.ru> Cc: oss-security@...ts.openwall.com, officesecurity@...ts.freedesktop.org, Michael Meeks <michael.meeks@...labora.com>, Miklos Vajna <vmiklos@...e.cz>, Moritz Muehlenhoff <jmm@...ian.org>, cve-assign@...re.org Subject: Re: [Officesecurity] CVE Request: LibreOffice -- several issues Hi, On Thu, Nov 27, 2014 at 03:58:42AM +0300, Alexander Cherepanov wrote: > issues is just the tip of the iceberg. Assuming that many security > bugs were fixed in current versions of LO the fact that LO in Debian > Stable isn't updated for a long time probably means that security > fixes are not marked as such and hence are not backported. Please > correct me if I'm wrong. Correct. Now in the CVE-2014-9093 case (where I got https://bugs.debian.org/771163, sigh, in addition to your all-in-one and thus bogus in any case bugs.debian.org/770166) the code is even so much different that I will even succeed backporting it... 3.x is totally obsolete. I'd assume anyone who really cares about doing stuff with LO uses wheezy-backpots (which has a 4.3.3) Regards, Rene
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.