In Red Hat 9, OpenOffice has an embedded copy of neon (WebDAV client) that is vulnerable to attacks by malicious servers: https://rhn.redhat.com/errata/RHSA-2004-163.html Does anyone know whether this also affects Red Hat 8.0? (I'll try to look into this when I get a chance, if nobody else beats me to the punch.) ------- Additional Comments From jkeating 2004-05-18 18:46:25 ---- One would assume 8.0 is vuln as well. This would be a good opportunity to bring 8.0's openoffice up to the same version as 9s for simplicity sake. I don't think much relies on OO.org, just itself, so unless there is any objections... ------- Additional Comments From jkeating 2004-05-19 17:58:35 ---- GAH! 9's oo.org srpm will not build on 8, requires too new of GCC. So, anybody want to try their hand at backporting the patch? It's only a 448 line patch.... ------- Additional Comments From marcdeslauriers 2004-05-26 13:26:20 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here is a source rpm with a backport for 8.0. Does anyone have a fast machine to try and build this? I started a build a few hours ago, so far so good, but it'll probably take a week to finish on my P2-400... 0b896407192882730e985c578480dbd4867df673 openoffice-1.0.1-9.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAtSQgLMAs/0C4zNoRAm3wAKC8Y2K+cc63jrjqJPEemSmP7A9okgCgtMJp brN37uqExj+TIcBk17WtEnQ= =8IO7 -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2004-05-27 01:27:54 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Oups! Wrong sha1sum. Here is the right one: 191228f0d7b2f45415b9f35b46d7fb4f7c594c95 openoffice-1.0.1-9.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.src.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAtdCoLMAs/0C4zNoRAuBzAKCsB99pBRYOl/DPmcFzl7HHdZt+OwCeK+qH +9X7LguYUkhDYqngfkEm6+E= =AEND -----END PGP SIGNATURE----- ------- Additional Comments From marcdeslauriers 2004-05-27 14:01:01 ---- -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 My computer finally finished building these. :) 2f85ada91a4bfed7023c883ef8672ebdc5180313 openoffice-1.0.1-9.legacy.i386.rpm 191228f0d7b2f45415b9f35b46d7fb4f7c594c95 openoffice-1.0.1-9.legacy.src.rpm f70f41b0c91bf034e3e49c9bd693258d053ac102 openoffice-i18n-1.0.1-9.legacy.i386.rpm 0d9e7f6a7f1b9dcfacc331220fe5dbd467602321 openoffice-libs-1.0.1-9.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/openoffice-1.0.1-9.legacy.src.rpm http://www.infostrategique.com/linuxrpms/legacy/openoffice-i18n-1.0.1-9.legacy.i386.rpm http://www.infostrategique.com/linuxrpms/legacy/openoffice-libs-1.0.1-9.legacy.i386.rpm -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAtoDwLMAs/0C4zNoRAvdFAJoCNvAeA50B66N9ZqC/fHwScZi2hACeI8kb SisjCdPcGJ+yC0lPkQMCJMI= =pQiT -----END PGP SIGNATURE----- ------- Additional Comments From jkeating 2004-05-31 08:46:17 ---- 8.0 support dropped, this is now a non-issue. ------- Bug moved to this database by dkl 2005-03-30 18:24 ------- This bug previously known as bug 1545 at https://bugzilla.fedora.us/ https://bugzilla.fedora.us/show_bug.cgi?id=1545 Originally filed under the Fedora Legacy product and Package request component. Unknown priority P2. Setting to default priority "normal". Unknown platform PC. Setting to default platform "All". Setting qa contact to the default for this product. This bug either had no qa contact or an invalid one.