Secunia warning for OO 2.4
Posted: Mon Apr 21, 2008 1:36 pm
by st2430
I'm using the excellent Secunia PSI to ensure that my systems are up-to-date, and today it warned me that the installed OO is insecure. I installed 2.4 a short while ago so it came as a surprise. Secunia detects soffice.exe version 2.3.9280.500 and not a 2.4 version. Suspecting something is wrong, I removed the installed OO including all program folders and reinstalled, but with the same result! So it seems like something might be wrong with the packaging of 2.4. Checking the module I can confirm that it is indeed a 2.3 version just like Secunia has told me. This is the package I've installed, from openoffice.org: OOo_2.4.0_Win32Intel_install_en-US.exe
So what's wrong? TIA
Re: Secunia warning for OO 2.4
Posted: Tue Apr 22, 2008 12:47 pm
by DavidHB
The variant of Secunia I use does not check OpenOffice, but it does check Java, which throws up a related problem. For some reason, the 2.4 installer insists on installing Java 6, update 4 (which Secunia marks as insecure) when version 5 is already installed. Uninstalling version 4 breaks the link from Firefox to Java in version 5, so Secunia no longer works! The only fix is to reinstall version 5 all over again. Surely the OO installer could manage things better than this?
Re: Secunia warning for OO 2.4
Posted: Wed Apr 23, 2008 9:24 am
by Phil
I completely agree that it is really odd that the installer package comes with an out-of-date Java version, and that it is included in the default download.
Also, I think the installer should at least check whether a newer (or the same) JRE version is installed.
There is an issue that has been filed on this.
KR, phil
Re: Secunia warning for OO 2.4
Posted: Tue Apr 29, 2008 10:26 am
by Phil
Hi again,
at first, I didn't understand what you meant when writing:
st2430 wrote: Checking the module I can confirm that it is indeed a 2.3 version just like Secunia has told me.
But now I understood it as being the file version of soffice.exe and soffice.bin, which indeed does not match: it is 2.3.9280.500 for OOo 2.4.0 (and BTW 2.3.9238.500 for OOo 2.3.1). So this is indeed strange.
I would not say that this is due to wrong packaging, I think the version number was simply not updated correctly.
We could file an issue about it, but I doubt it is really worthwhile.
KR, phil