Apache OpenOffice (AOO) Bugzilla – Issue 126896
bundled curl version 7.19.7 has many vulnerabilities
Last modified: 2016-07-28 21:35:08 UTC
Created attachment 85374: patch to upgrade bundled curl to version 7.48.0
The curl-7.19.7 software bundled with OpenOffice has these security vulnerabilities: CVE-2010-0734, CVE-2011-2192, CVE-2013-2174, CVE-2014-3143, CVE-2014-3144, CVE-2014-3145, CVE-2014-3148, CVE-2014-8150, CVE-2015-3153, CVE-2016-0755. The attached patch upgrades curl to version 7.48.0, which has no publicly disclosed vulnerabilities at this time. This version of curl appears to require no patches to integrate it with OpenOffice.
Set status as PATCH
Created attachment 85615: patch to upgrade bundled curl to version 7.49.1
The latest version of curl is now 7.49.1. Update LICENSE info (copyright date and contributor info). This has been tested on FreeBSD, CentOS, and Windows by doing: File->Open and specifying an FTP URL. Note: We have a tarball of the old version of curl checked into svn under ext_sources. Should this be removed and the new version checked in?
Curl did need a patch for Windows to produce a library with the name that we expect.
"truckman" committed SVN revision 1754469 into trunk: #i126896#: bundled curl version 7.19.7 has many vulnerabilities
Patch to upgrade to curl 7.49.1 committed.