Apache OpenOffice (AOO) Bugzilla – Issue 10838
OpenOffice.org anoncvs should be patched ASAP against security flaw
Last modified: 2003-12-06 14:52:32 UTC
As reported in http://security.e-matters.de/advisories/012003.html, there is a security flaw in cvs that allows an attacker to attain a user (including root!) shell on a machine running a cvs server, including a read only anoncvs server. The cvs software running on the OpenOffice.org anoncvs server should thus be patched ASAP.
adding to CC: list
Action Plan:
1) File an internal issue (PCN) for our engineers to address this security flaw
2) update this issue when the engineers have updated the PCN

PCN 14272 filed, Step 1 complete
All the Sun machines were updated and patched on Jan 15th. Thanks for your concerns. Step 2 complete, closing issue
As agreed by Louis I will close these resolved fixed support-owned issues now. If you have trouble with that, please re-open the issue.