Issue 113119 - Update downloader does not verifiy downloaded files
Summary: Update downloader does not verifiy downloaded files
Status: CONFIRMED
Alias: None
Product: General
Classification: Code
Component: ui (show other issues)
Version: OOo 3.2.1
Hardware: PC All
: P2 Trivial (vote)
Target Milestone: ---
Assignee: AOO issues mailing list
QA Contact:
URL:
Keywords: security
Depends on:
Blocks:
 
Reported: 2010-07-13 10:44 UTC by andreschnabel
Modified: 2017-05-20 11:35 UTC (History)
9 users (show)

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description andreschnabel 2010-07-13 10:44:29 UTC
As described in issue 113114, the online update system does not verify a
downloaded file. In fact it starts the update installation without any
verification of the downloaded file.

This should be considered as high security risk and I suggest to disable
automatic download and installation of updates until this is fixed.
Comment 1 Olaf Felka 2010-07-13 12:02:21 UTC
@ mh: Please decide how to proceed.
Comment 2 Mechtilde 2010-07-13 12:42:17 UTC
set to all OS
Comment 3 andreschnabel 2010-07-14 08:03:38 UTC
additional info regarding issue 113114:

Once a wrong file has been downloaded (in case of issue 113114 it was the "File
not found" html page), the update mechanism will not request a correct file from
the server, even if the server is reconfigured to deliver the correct file. You
need to restart search for updates manually to trigger the new download.

This behaviour is logical, assuming that we get a correct file for download, but
should be reconsidered when we change the download mechanism.
Comment 4 Marcus 2017-05-20 11:35:08 UTC
Reset assigne to the default "issues@openoffice.apache.org".