[ANNOUNCEMENT] Javadoc HTML frame injection vulnerability and AOO SDK

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[ANNOUNCEMENT] Javadoc HTML frame injection vulnerability and AOO SDK

Rob Weir
We've published a security bulletin and patch for the Apache
OpenOffice 3.4.1 SDK.

Due to a flaw in JavaDoc generated API documentation, one of the files
in the 3.4.1 SDK is vulnerable to an HTML frame injection attack.

Details on the issue, and a patched HTML file, can be found here:

http://www.openoffice.org/security/cves/CVE-2013-1571.html

Note: this impacts only installations of the SDK.  Normal end-user
installs of Apache OpenOffice are not impacted.

Regards,

Rob Weir
Apache OpenOffice Security Team

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]