Though those word processor files may not be widely circulated I thought it would be a good idea to give a heads-up notice for AOO users. OpenOffice recommended users delete the Hangul DLL file from their installation directory, and promised to fix it in the next release…which still hasn’t come out yet." The same hole was in LibreOffice, but LibreOffice patched it on April 25. there is a major security hole present in OpenOffice, involving files from Hangul Word Processor, an obscure Korean word processor format. The subject file is still in the PAc version of AOO. A quick search here didn't find any reference to this. I assume he'll be retracting that shortly.Ran across a security vulnerability in Apache OpenOffice while browsing at Teleread.
I recall, back when ASF was considering taking on OpenOffice, Jim Jagielski assuring people the ASF would have no problems keeping up to expectations on software for end users.
The project appears to have time to post excuses to blogs (so many excuses!) and embark on call-to-action marketing attacks on a Wikipedia article, but not in the past five months to remove one file from the AOO installer and stop installing security holes on their users' PCs. 'Cos that's the sort of thing that definitely hasn't historically led to any fallout.
This outraged the AOO "dev" list sufficiently that the esteemed Rob Weir tried to coordinate a marketing attack on Wikipedia, and on me personally, on a public list. I was sufficiently horrified to find yet another person running office software with a five months unfixed security hole that I wrote a blog post that is my biggest Tumblr hit to date.
No, it's not a bureaucracy taking time - it's a bureaucracy with nobody to actually run it. Posted 18:55 UTC (Mon) by davidgerard (guest, #100304)
0 kommentar(er)
