About the just fixed OpenOffice.org File Format Vulnerability
By user13342178 on Jul 04, 2006
They reported it to the OpenOffice.org
Security Team, and didn't publicly disclose the vulnerability
before we where able to provide updates with fixes for this issue.
Thanks for that!
This was also the first security issue
handled completely by the OpenOffice.org Security Team.
Security People from Sun and from different Linux distributions are member of the Security Team. After we received the report, all of them investigated into that for different OpenOffice.org and StarOffice versions.
And this was really good, because in the first step I thought the problem was already fixed in latest OOo builds.
But it wasn't - it was just hidden from a new memory manager implementation.
The buffer overflow still existed, but OOo didn't crash with the new memory manager.
Good to have this great OpenOffice.org Security Team :)