oss-sec mailing list archives
Re: CVE request for Calligra
From: Jeff Mitchell <mitchell () kde org>
Date: Mon, 06 Aug 2012 08:45:16 -0400
On 08/05/2012 07:27 PM, Charlie Miller wrote:
> Hi Kurt. Yes, sorry I didn't report directly to the correct people. I only knew that the vulnerability existed for sure in the Nokia Documents app and also in the version of Koffice I happen to have on my system. I didn't know what library it was in (I'd never even heard of Calligra), if it was already known about upstream, what other software depends on this library, etc. As you're probably aware, it can be a very time-consuming process to try to get that stuff sorted out, so I just report it to the vendor and let them deal with these issues. In that spirit, I reported to Nokia early last month.
>
> As for your questions, I have not asked for CVEs for any of these vulnerabilities. Feel free to request them yourselves. I believe the only vulnerability I know enough details about to say is a security issue is the one in the document about parsing word documents.
>
> I hope that clears up any questions you might have. Thanks!

Hi there,

As you may have heard, Nokia has a few issues these days with MeeGo, so it's not surprising that they haven't contacted upstreams if you reported it to them :-)

Calligra is a (maintained) fork of KOffice. At this point it's not clear to me, based on commit activity, if KOffice is maintained. Regardless, I guess I'd like a CVE for both (or two CVEs, depending on your preferences).

--Jeff