In Red Hat 9, OpenOffice has an embedded copy of neon (WebDAV client) that is
vulnerable to attacks by malicious servers:
https://rhn.redhat.com/errata/RHSA-2004-163.html

Does anyone know whether this also affects Red Hat 8.0? (I'll try to look into
this when I get a chance, if nobody else beats me to the punch.)



------- Additional Comments From jkeating 2004-05-18 18:46:25 ----

One would assume 8.0 is vuln as well.  This would be a good opportunity to bring
8.0's openoffice up to the same version as 9s for simplicity sake.  I don't
think much relies on OO.org, just itself, so unless there is any objections...



------- Additional Comments From jkeating 2004-05-19 17:58:35 ----

GAH!  9's oo.org srpm will not build on 8, requires too new of GCC.  So, anybody
want to try their hand at backporting the patch?  It's only a 448 line patch....



------- Additional Comments From marcdeslauriers 2004-05-26 13:26:20 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Here is a source rpm with a backport for 8.0.
 
Does anyone have a fast machine to try and build this?
I started a build a few hours ago, so far so good, but
it'll probably take a week to finish on my P2-400...
 
0b896407192882730e985c578480dbd4867df673  openoffice-1.0.1-9.legacy.src.rpm
 
http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.src.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFAtSQgLMAs/0C4zNoRAm3wAKC8Y2K+cc63jrjqJPEemSmP7A9okgCgtMJp
brN37uqExj+TIcBk17WtEnQ=
=8IO7
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-05-27 01:27:54 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Oups! Wrong sha1sum. Here is the right one:
 
191228f0d7b2f45415b9f35b46d7fb4f7c594c95  openoffice-1.0.1-9.legacy.src.rpm
 
http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.src.rpm
 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
 
iD8DBQFAtdCoLMAs/0C4zNoRAuBzAKCsB99pBRYOl/DPmcFzl7HHdZt+OwCeK+qH
+9X7LguYUkhDYqngfkEm6+E=
=AEND
-----END PGP SIGNATURE-----




------- Additional Comments From marcdeslauriers 2004-05-27 14:01:01 ----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

My computer finally finished building these. :)

2f85ada91a4bfed7023c883ef8672ebdc5180313  openoffice-1.0.1-9.legacy.i386.rpm
191228f0d7b2f45415b9f35b46d7fb4f7c594c95  openoffice-1.0.1-9.legacy.src.rpm
f70f41b0c91bf034e3e49c9bd693258d053ac102  openoffice-i18n-1.0.1-9.legacy.i386.rpm
0d9e7f6a7f1b9dcfacc331220fe5dbd467602321  openoffice-libs-1.0.1-9.legacy.i386.rpm

http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.src.rpm
http://www.infostrategique.com/linuxrpms/legacy/openoffice-i18n-1.0.1-9.legacy.i386.rpm
http://www.infostrategique.com/linuxrpms/legacy/openoffice-libs-1.0.1-9.legacy.i386.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAtoDwLMAs/0C4zNoRAvdFAJoCNvAeA50B66N9ZqC/fHwScZi2hACeI8kb
SisjCdPcGJ+yC0lPkQMCJMI=
=pQiT
-----END PGP SIGNATURE-----




------- Additional Comments From jkeating 2004-05-31 08:46:17 ----

8.0 support dropped, this is now a non-issue.



------- Bug moved to this database by dkl 2005-03-30 18:24 -------

This bug previously known as bug 1545 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1545
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.