Bug 872350 (CVE-2012-4233)
Summary: | CVE-2012-4233 libreoffice: multiple null pointer dereference flaws | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | caolanm, dtardon, erack, fweimer, jlieskov, ltinkl, mstahl, sbergman |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-11-06 17:31:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Vincent Danen
2012-11-01 20:40:10 UTC
I thought our policy was not to consider application crash a security issue. Has this changed? Or what is it about these crashes that makes them special (as opposed to, e.g., crashes reported by abrt, which are not marked as security issues)? Upstream advisory: https://www.libreoffice.org/advisories/cve-2012-4233/ Statement: Red Hat Security Response Team does not consider a user assisted denial of service (and potential crash) of end user application, such as tools from LibreOffice productivity suite, to be a security issue. |