Hello Derek, Le 10 août 2019 06:38:34 GMT+02:00, Derek Currie <[email protected]> a écrit : >I've been following this situation closely and advising users about the >workaround for *CVE-2019-9848*. > >*Problem:* The Document Foundation has stated that the patch for >CVE-2019-9848 was not entirely effective. I can provide documentation. >A >further patch was supposed to be applied in version 6.3.4 this week. >And yet >there is no record in the release notes of that patch. Instead, there >is an >incorrect listing that CVE-2019-9848 was patched in v6.2.5.2, which has >been >published to not be the case.
So both MITRE and the Document Foundation are wrong according to you? Also, 6.3.0/was just released, not 6.3.4, and in my understanding has also the proper patch(es). This is of course a rather dynamic situation that our security team is actively working on. > >https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/ ><https://www.libreoffice.org/about-us/security/advisories/cve-2019-9848/> > > >This situation is thoroughly confusing users. > I am not sure it is... >I'm continuing to advise users to apply the workaround for >CVE-2019-9848. What workaround? Are you in charge of users in a professional environment? Thanks, Charles. > >Please sort this out ASAP. > >Thank you. > >Derek Currie > > > >-- >Sent from: >http://document-foundation-mail-archive.969070.n3.nabble.com/Discuss-f1621725.html -- Envoyé de mon appareil Android avec Courriel K-9 Mail. Veuillez excuser ma brièveté. -- To unsubscribe e-mail to: [email protected] Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy
