desktop-packages team mailing list archive

Re: [Bug 1380711] Re: security CVE 2014-3575

 

Dear Hans,
I have to apologize for the late answer,
I was quite busy at school.
Anyway, I do not have the skills to reproduce the bug,
nor have I found any documentation about how to reproduce it.

I simply noticed the following announced updates:

   1. fedora on 11/9/2014 pushed an update: fedora libreoffice update
   against 4.2.6
   <https://admin.fedoraproject.org/updates/FEDORA-2014-10732/libreoffice-4.2.6.3-3.fc20?_csrf_token=64d5a5974814b08b5ab603be5c3c633bdc612ee7>
   2. opensuse on 15/9/2014 pushed an update: opensuse libreoffice update
   <http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00018.html>
   3. upstream libreoffice webpage
   <https://www.libreoffice.org/about-us/security/advisories/cve-2014-3575/>

They all speak as if the vulnerability is against libreoffice earlier than
4.2.5 and linux *any*.
This is the best evidence I can produce.

I hope this mail has been useful,
and forgive my bad English :).
Best regards
Tiziano

2014-10-18 15:59 GMT+02:00 Hans Joachim Desserud <1380711@xxxxxxxxxxxxxxxxxx>:

> Thanks for taking your time to report this issue and helping to make
> Ubuntu better.
>
> I searched the Ubuntu CVE tracker, and it claims that this issue does
> not apply to Ubuntu
> (http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3575.html).
> I am not familiar with this issue though, so it would be nice if we
> could get a comment from someone who is.
>
> ** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-3575
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1380711
>
> Title:
>   security CVE 2014-3575
>
> Status in "libreoffice" package in Ubuntu:
>   New
>
> Bug description:
>   dear maintainers, as you can see here
>   http://www.securitytracker.com/id/1030804, libreoffice earlier than
>   4.2.6 secfix1 is vulnerable, as apache openoffice earlier than 4.1.1
>   to CVE 2014-3575, if i understand correctly the report.
>
>   thanks for your work.
>   best regards
>   Tiziano Casavecchia
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1380711/+subscriptions
>
