Dear Hans,
I have to apologize myself for the late answer,
I was quite busy at School.
Anyway, I have not the skills to reproduce the bug,
neither I have found any documentation about how to reproduce it.
I simply noticed the following announced updates:
1. fedora on 11/9/2014 pushed an update fedora libreoffice update
against 4.2.6
they all speak as the vulnerability is against libreoffice earlier than
4.2.5 and linux
*any*
This is the best evidence I can produce.
I hope this mail to have been usefull,
and forgive my bad english :).
Best regards
Tiziano
2014-10-18 15:59 GMT+02:00 Hans Joachim Desserud <<email address hidden>
>:
> Thanks for taking your time to report this issue and help making Ubuntu
> better.
>
> I searched the Ubuntu CVE tracker, and it claims that this issue does
> not apply to Ubuntu (http://people.canonical.com/~ubuntu-
> security/cve/2014/CVE-2014-3575.html). I am not familiar with this issue
> though, so it would be nice if we could get a comment from someone who
> are.
>
> ** CVE added: http://www.cve.mitre.org/cgi-
> bin/cvename.cgi?name=2014-3575
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1380711
>
> Title:
> security CVE 2014-3575
>
> Status in "libreoffice" package in Ubuntu:
> New
>
> Bug description:
> dear mantainers, as you can see here
> http://www.securitytracker.com/id/1030804, libreoffice earlier than
> 4.2.6 secfix1 is vulnerable, as apache openoffice earlier than 4.1.1
> to CVE 2014-3575, if i understan correctly the report.
>
> thank's for you work.
> best regards
> Tiziano Casavecchia
>
> To manage notifications about this bug go to:
>
> https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1380711/+subscriptions
>
Dear Hans,
I have to apologize myself for the late answer,
I was quite busy at School.
Anyway, I have not the skills to reproduce the bug,
neither I have found any documentation about how to reproduce it.
I simply noticed the following announced updates:
1. fedora on 11/9/2014 pushed an update fedora libreoffice update
against 4.2.6
<https:/ /admin. fedoraproject. org/updates/ FEDORA- 2014-10732/ libreoffice- 4.2.6.3- 3.fc20? _csrf_token= 64d5a5974814b08 b5ab603be5c3c63 3bdc612ee7> lists.opensuse. org/opensuse- security- announce/ 2014-09/ msg00018. html>
2. opensuse on 15/9/2014 pushed an update opensuse libreoffice update
<http://
3. upstream libreoffice webpage /www.libreoffic e.org/about- us/security/ advisories/ cve-2014- 3575/>
<https:/
they all speak as the vulnerability is against libreoffice earlier than
4.2.5 and linux
*any*
This is the best evidence I can produce.
I hope this mail to have been usefull,
and forgive my bad english :).
Best regards
Tiziano
2014-10-18 15:59 GMT+02:00 Hans Joachim Desserud <<email address hidden>
>:
> Thanks for taking your time to report this issue and help making Ubuntu people. canonical. com/~ubuntu- cve/2014/ CVE-2014- 3575.html) . I am not familiar with this issue www.cve. mitre.org/ cgi- cgi?name= 2014-3575 /bugs.launchpad .net/bugs/ 1380711 www.securitytra cker.com/ id/1030804, libreoffice earlier than /bugs.launchpad .net/ubuntu/ +source/ libreoffice/ +bug/1380711/ +subscriptions
> better.
>
> I searched the Ubuntu CVE tracker, and it claims that this issue does
> not apply to Ubuntu (http://
> security/
> though, so it would be nice if we could get a comment from someone who
> are.
>
> ** CVE added: http://
> bin/cvename.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https:/
>
> Title:
> security CVE 2014-3575
>
> Status in "libreoffice" package in Ubuntu:
> New
>
> Bug description:
> dear mantainers, as you can see here
> http://
> 4.2.6 secfix1 is vulnerable, as apache openoffice earlier than 4.1.1
> to CVE 2014-3575, if i understan correctly the report.
>
> thank's for you work.
> best regards
> Tiziano Casavecchia
>
> To manage notifications about this bug go to:
>
> https:/
>