Quick off the mark …
It looks as if 3.4.3 has been available since 31st August, why a story about this today? Or did I miss something?
LibreOffice users ought to update their software: a security hole has been discovered in the code used to import Microsoft Word documents into the open-source productivity suite. The latest version of the software contains a fix for the problem. A memory corruption-related vulnerability in the import code creates a possible …
So Firefox, Thunderbird, Opera, Chrome, Azureues/Vuze, jEdit etc. And Adobe Creative Suite I believe downloads and integrate updates without re-installing the whole lot. And not forgetting the many Linux distros that download and update changed components via a package manager.
All in violation of a patent? Wowzer!
Unless you worked for a company which was known to use LibreOffice, the chances of receiving a tainted .doc file with the express intent you open it up in another produce seems pretty low.
It would be nice if LibreOffice did implement a patch based update system. Such things exist. There should be no reason to have to have to download a 150Mb product and go through a full reinstall just to fix a handful of files.
Excuse me, you think 150 MB is an unreasonably large update patch?
Windows has security advisory -notices- that large.
Well, not quite. But if you're using LibreOffice, then it's quite likely that you don't have to keep Microsoft Office up to date on the same PC. That is a major saving.