This is an automated email from the ASF dual-hosted git repository.
git-site-role pushed a commit to branch asf-site
in repository https://gitbox.apache.org/repos/asf/openoffice-org.git
The following commit(s) were added to refs/heads/asf-site by this push:
new 90b402c337 git-site-role commit from copy_staging.sh
90b402c337 is described below
commit 90b402c33781e86988511721387f1d360a49a17c
Author: jenkins <[email protected]>
AuthorDate: Wed Mar 22 18:34:13 2023 +0000
git-site-role commit from copy_staging.sh
---
content/feed.xml | 4 +-
content/fr/download/msg_prop_l10n_fr.js | 1 +
content/security/cves/CVE-2022-38745.html | 107 +++++++++++++++++++++++++++++
content/security/cves/CVE-2022-40674.html | 96 ++++++++++++++++++++++++++
content/security/cves/CVE-2022-47502.html | 109 ++++++++++++++++++++++++++++++
content/stats/aoo-downloads.txt | 35 ++++++++++
6 files changed, 350 insertions(+), 2 deletions(-)
diff --git a/content/feed.xml b/content/feed.xml
index 2e0c547504..e42f3d16fe 100644
--- a/content/feed.xml
+++ b/content/feed.xml
@@ -6,8 +6,8 @@
<atom:link href="http://localhost:8820/feed.xml"; rel="self"
type="application/rss+xml" />
<description>OpenOffice.org Feed</description>
<language>en-us</language>
- <pubDate>Fri, 10 Mar 2023 17:41:30 +0000</pubDate>
- <lastBuildDate>Fri, 10 Mar 2023 17:41:30 +0000</lastBuildDate>
+ <pubDate>Wed, 22 Mar 2023 18:22:30 +0000</pubDate>
+ <lastBuildDate>Wed, 22 Mar 2023 18:22:30 +0000</lastBuildDate>
</channel>
diff --git a/content/fr/download/msg_prop_l10n_fr.js
b/content/fr/download/msg_prop_l10n_fr.js
index 7e7af0b663..54dd508b50 100644
--- a/content/fr/download/msg_prop_l10n_fr.js
+++ b/content/fr/download/msg_prop_l10n_fr.js
@@ -359,6 +359,7 @@ l10n.dl_analyze_table_javascript_text =
"JavaScript functions/variables";
// General: Links to webpage files that could be localized.
+l10n.dl_rel_notes_aoo4114_link =
"https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=247827079";;
l10n.dl_rel_notes_aoo4113_link =
"https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=217393127";;
l10n.dl_rel_notes_aoo4112_link =
"https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=211884130";;
l10n.dl_rel_notes_aoo4111_link =
"https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=191334515";;
diff --git a/content/security/cves/CVE-2022-38745.html
b/content/security/cves/CVE-2022-38745.html
new file mode 100644
index 0000000000..25ae75a281
--- /dev/null
+++ b/content/security/cves/CVE-2022-38745.html
@@ -0,0 +1,107 @@
+
+<!--#include virtual="/doctype.html" -->
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+ <link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2022-38745</title>
+
+
+ <script src="https://www.apachecon.com/event-images/snippet.js";></script>
+ </head>
+ <body>
+ <!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a
href="/security/">security</a> » <a
href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+ <p>
+ <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-38745";>CVE-2022-38745</a>
+ </p>
+ <p>
+ <a
href="https://www.openoffice.org/security/cves/CVE-2022-38745.html";>Apache
OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>An empty class path may lead to run arbitrary Java code</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.14</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ It is possible to configure Apache OpenOffice so that it launches the JVM
giving an empty class path,
+ that means: "load classes from the current directory". This may lead to
run arbitrary Java code.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration does not exist.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.13 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.14 for the latest maintenance and
cumulative security fixes.
+ Use the Apache OpenOffice <a
href="https://www.openoffice.org/download/";> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank the European
Commission's Open Source Programme
+ Office for discovering and reporting this attack vector.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/";>Apache OpenOffice Community
Forums</a>
+ or make requests to the
+ <a
href="mailto:[email protected]";>[email protected]</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be
found at the
+ <a href="https://www.openoffice.org/security/bulletin.html";>Bulletin
Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org";>Security Home</a>->
+ <a
href="https://www.openoffice.org/security/bulletin.html";>Bulletin</a>->
+ <a
href="https://www.openoffice.org/security/cves/CVE-2022-38745.html";>CVE-2022-38745</a>
+ </p>
+
+
+ </div>
+ <!--#include virtual="/footer.html" -->
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2022-40674.html
b/content/security/cves/CVE-2022-40674.html
new file mode 100644
index 0000000000..627c6ab5d0
--- /dev/null
+++ b/content/security/cves/CVE-2022-40674.html
@@ -0,0 +1,96 @@
+
+<!--#include virtual="/doctype.html" -->
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+ <link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2022-40674</title>
+
+
+ <script src="https://www.apachecon.com/event-images/snippet.js";></script>
+ </head>
+ <body>
+ <!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a
href="/security/">security</a> » <a
href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+ <p>
+ <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40674";>CVE-2022-40674</a>
+ </p>
+ <p>
+ <a
href="https://www.openoffice.org/security/cves/CVE-2022-40674.html";>Apache
OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>"Use after free" fixed in expat >= 2.4.9</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.14</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ libexpat before 2.4.9 has a use-after-free in the doContent function in
xmlparse.c.
+ </p>
+ <p>
+ <strong>Severity: Moderate</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration does not exist.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.13 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.14 for the latest maintenance and
cumulative security fixes.
+ Use the Apache OpenOffice <a
href="https://www.openoffice.org/download/";> download page</a>.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/";>Apache OpenOffice Community
Forums</a>
+ or make requests to the
+ <a
href="mailto:[email protected]";>[email protected]</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be
found at the
+ <a href="https://www.openoffice.org/security/bulletin.html";>Bulletin
Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org";>Security Home</a>->
+ <a
href="https://www.openoffice.org/security/bulletin.html";>Bulletin</a>->
+ <a
href="https://www.openoffice.org/security/cves/CVE-2022-40674.html";>CVE-2022-40674</a>
+ </p>
+
+
+ </div>
+ <!--#include virtual="/footer.html" -->
+ </body>
+</html>
diff --git a/content/security/cves/CVE-2022-47502.html
b/content/security/cves/CVE-2022-47502.html
new file mode 100644
index 0000000000..7748308595
--- /dev/null
+++ b/content/security/cves/CVE-2022-47502.html
@@ -0,0 +1,109 @@
+
+<!--#include virtual="/doctype.html" -->
+<html>
+ <head>
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+
+ <link href="/css/ooo.css" rel="stylesheet" type="text/css">
+
+ <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+ <title>CVE-2022-47502</title>
+
+
+ <script src="https://www.apachecon.com/event-images/snippet.js";></script>
+ </head>
+ <body>
+ <!--#include virtual="/brand.html" -->
+ <div id="topbara">
+ <!--#include virtual="/topnav.html" -->
+ <div id="breadcrumbsa"><a href="/">home</a> » <a
href="/security/">security</a> » <a
href="/security/cves/">cves</a></div>
+ </div>
+ <div id="clear"></div>
+
+
+ <div id="content">
+
+
+ <p>
+ <a
href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-47502";>CVE-2022-47502</a>
+ </p>
+ <p>
+ <a
href="https://www.openoffice.org/security/cves/CVE-2022-47502.html";>Apache
OpenOffice Advisory</a>
+ </p>
+ <p style="text-align:center; font-size:largest">
+ <strong>Macro URL arbitrary script execution without warning</strong>
+ </p>
+ <p style="text-align:center; font-size:larger">
+ <strong>Fixed in Apache OpenOffice 4.1.14</strong>
+ </p>
+ <p>
+ <strong>Description</strong>
+ </p>
+ <p>
+ Apache OpenOffice supports Office URI Schemes to enable browser
integration of Apache OpenOffice with
+ MS SharePoint server. In the affected versions links could be constructed
to call internal macros
+ with arbitrary arguments. Which when clicked on, or activated by document
events, could result in
+ arbitrary script execution without warning.
+ </p>
+ <p>
+ <strong>Severity: Critical</strong>
+ </p>
+ <p>
+ There are no known exploits of this vulnerability.
+ <br />
+ A proof-of-concept demonstration exists.
+ </p>
+ <p>
+ Thanks to the reporter for discovering this issue.
+ </p>
+ <p>
+ <strong>Vendor: The Apache Software Foundation</strong>
+ </p>
+ <p>
+ <strong>Versions Affected</strong>
+ </p>
+ <p>
+ All Apache OpenOffice versions 4.1.13 and older are affected.
+ <br />
+ OpenOffice.org versions may also be affected.
+ </p>
+ <p>
+ <strong>Mitigation</strong>
+ </p>
+ <p>
+ Install Apache OpenOffice 4.1.14 for the latest maintenance and
cumulative security fixes.
+ Use the Apache OpenOffice <a
href="https://www.openoffice.org/download/";> download page</a>.
+ </p>
+ <p>
+ <strong>Acknowledgments</strong>
+ </p>
+ <p>
+ The Apache OpenOffice Security Team would like to thank Altin Thartori
(tin-z) for discovering and
+ reporting this attack vector.
+ </p>
+ <p>
+ <strong>Further Information</strong>
+ </p>
+ <p>
+ For additional information and assistance, consult the
+ <a href="https://forum.openoffice.org/";>Apache OpenOffice Community
Forums</a>
+ or make requests to the
+ <a
href="mailto:[email protected]";>[email protected]</a>
+ public mailing list.
+ </p>
+ <p>
+ The latest information on Apache OpenOffice security bulletins can be
found at the
+ <a href="https://www.openoffice.org/security/bulletin.html";>Bulletin
Archive page</a>.
+ </p>
+ <hr />
+ <p>
+ <a href="https://security.openoffice.org";>Security Home</a>->
+ <a
href="https://www.openoffice.org/security/bulletin.html";>Bulletin</a>->
+ <a
href="https://www.openoffice.org/security/cves/CVE-2022-47502.html";>CVE-2022-47502</a>
+ </p>
+
+
+ </div>
+ <!--#include virtual="/footer.html" -->
+ </body>
+</html>
diff --git a/content/stats/aoo-downloads.txt b/content/stats/aoo-downloads.txt
index 85a7e7a8db..552efd01b2 100644
--- a/content/stats/aoo-downloads.txt
+++ b/content/stats/aoo-downloads.txt
@@ -3932,3 +3932,38 @@
2023-02-10,59942,342856098
2023-02-11,54364,342910462
2023-02-12,50362,342960824
+2023-02-13,56277,343017101
+2023-02-14,69235,343086336
+2023-02-15,64048,343150384
+2023-02-16,59348,343209732
+2023-02-17,68457,343278189
+2023-02-18,55884,343334073
+2023-02-19,53991,343388064
+2023-02-20,75718,343463782
+2023-02-21,55071,343518853
+2023-02-22,66812,343585665
+2023-02-23,68353,343654018
+2023-02-24,69707,343723725
+2023-02-25,56620,343780345
+2023-02-26,67340,343847685
+2023-02-27,72671,343920356
+2023-02-28,86407,344006763
+2023-03-01,95345,344102108
+2023-03-02,75951,344178059
+2023-03-03,84280,344262339
+2023-03-04,82439,344344778
+2023-03-05,81171,344425949
+2023-03-06,107498,344533447
+2023-03-07,112216,344645663
+2023-03-08,95636,344741299
+2023-03-09,88866,344830165
+2023-03-10,92710,344922875
+2023-03-11,64096,344986971
+2023-03-12,65304,345052275
+2023-03-13,97851,345150126
+2023-03-14,82843,345232969
+2023-03-15,86483,345319452
+2023-03-16,89713,345409165
+2023-03-17,131923,345541088
+2023-03-18,75977,345617065
+2023-03-19,72298,345689363
