From: NAKATA Maho
To: nectar@FreeBSD.org, openoffice@FreeBSD.org
Date: Fri, 17 Sep 2004 12:38:04 +0900 (JST)
Subject: Re: [dev] security vulnerability of using mozilla runtime?
Message-Id: <20040917.123804.893775576.chat95@mac.com>
In-Reply-To: <41499F06.80200@sun.com>
References: <20040914.194619.276750997.chat95@mac.com> <41499F06.80200@sun.com>

Dear nectar and all

I received a message about mozilla runtime which OOo port internally uses.
Some people and portsaudit show us there are security risks using
mozilla 1.0.2, however, there do not seem to be security vulnerabilities.
I'll delete WITHOUT_MOZILLA=yes as soon as possible.

In Message-ID: <41499F06.80200@sun.com>
Frank Schönheit wrote:
> hello Nakata,
>
> > o using mozilla runtime which came with OOo distribution inherits this
> > security vulnerability?
>
> none of the mentioned security holes should affect OOo 1.x, since the
> respective code is not used in 1.x.
> For 2.0, we offer SSL encryption for LDAP address data access, using
> Mozilla's LDAP/SSL libraries, so the third vulnerability you mention
> would indeed also affect OOo 2.0. I think we will change to the latest
> available 1.7.x before OOo 2.0 is shipped.
>
> Thanks & Ciao
> Frank

thanks!
--nakata maho