Bug 486643

Summary: Creating HTML MailMerge Appends Database records to the Bottom of the File
Product: [Fedora] Fedora Reporter: Eli Wapniarski <eli>
Component: openoffice.orgAssignee: Caolan McNamara <caolanm>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 10CC: caolanm, jnavrati
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-02-22 23:18:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Eli Wapniarski 2009-02-20 20:07:36 UTC
As I indicate when I create an HTML mailmerge to an email the file created has appended to the bottom of the all records of the database.

I will leave this up to your determination as to whether or not this is a security issue.

Comment 1 Caolan McNamara 2009-02-22 23:18:59 UTC
"the file created has appended to the bottom of the all records of the database."

I don't understand the problem, can you re-phrase this with all the steps you used to arrive at a situation where you think there "is a security issue."

Comment 2 Eli Wapniarski 2009-02-23 05:56:41 UTC
Tools -> MailMerge -> Use the current document -> Next

E-mail message -> Next

Select Address List (Select the Address database and table that you want
Filter if you want to by click on filter) -> Next

(Create a salutation if you want to) -> Next

(Preview and edit the document if you want to) -> Next

(Personalize the mail merge) -> Edit individual document -> Scroll down the
document and records in the database are in the document in table form ready to
be sent along with the document (Note: this could be a result of filtering
since before I make myself look silly I need to check if things look OK so I'm
sending a mailmerge email to myself). -> Next

POTENTIAL SECURITY ISSUE

If the personalized data of other people are accidentally sent via email that data could potentially be sensitive or confidential. In such a case, it could disastrous if that data got out don't you think.

Comment 3 Caolan McNamara 2009-02-23 09:47:08 UTC
Getting the entire contents of the database dumped at the end of the file sent out to everyone included in the mail merge would definitely be a bug, but this doesn't happen for me though when I try it from scratch

Comment 4 Eli Wapniarski 2009-02-23 10:28:35 UTC
Try filtering out 1 email address from the list.