oss-sec mailing list archives

Re: [Officesecurity] Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification

From: Caolán McNamara <caolanm () redhat com>
Date: Tue, 29 May 2012 10:52:49 +0100

On Mon, 2012-05-28 at 17:09 +0200, Jan Lieskovsky wrote:

For what is related against upstream patches -- upon testing we can confirm,
the original ones were complete and this is in no way a new security flaw.

...

But something, which got corrected upstream in previous release(s), and
should mention possibility of arbitrary code execution too in order to properly
describe this deficiency.

OpenOffice.org / LibreOffice upstreams - please update your advisories to
reflect this if possible yet.


Done, for LibreOffice, updated description to reflect overflow
possibilities.

C.

Current thread:

Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky (May 28)
- Re: Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Jan Lieskovsky (May 29)
- Re: [Officesecurity] Kind request to update upstream CVE-2012-2334 advisories they to reflect arbitrary code execution possibility too and OSS list notification Caolán McNamara (May 29)