[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] Re: [Officesecurity] [oss-security] CVE Request: LibreOffice -- several issues
From:       Rene Engelhard <rene () debian ! org>
Date:       2014-11-27 12:43:39
Message-ID: 20141127124339.GB2131 () rene-engelhard ! de
[Download RAW message or body]

Hi,

On Thu, Nov 27, 2014 at 03:58:42AM +0300, Alexander Cherepanov wrote:
> issues is just the tip of the iceberg. Assuming that many security
> bugs were fixed in current versions of LO the fact that LO in Debian
> Stable isn't updated for a long time probably means that security
> fixes are not marked as such and hence are not backported. Please
> correct me if I'm wrong.

Correct.

Now in the CVE-2014-9093 case (where I got https://bugs.debian.org/771163, sigh,
in addition to your all-in-one and thus bogus in any case
bugs.debian.org/770166) the code is even so much different that I will even succeed backporting
it...

3.x is totally obsolete.
I'd assume anyone who really cares about doing stuff with LO uses wheezy-backpots
(which has a 4.3.3)

Regards,

Rene
[prev in list] [next in list] [prev in thread] [next in thread]