Ah, yes, when CVEs are not requested it's a mess, on the other hand some "CVE collectors" request them for things that are hardly a vulnerability, we (global IT community) need better vulnerability disclosure and management processes...
--
Best regards / S pozdravem,
BSc. Mark Stopka, BBA

mobile: +420 704 373 561


On Fri, Nov 27, 2020 at 8:12 AM Marcus Meissner <meissner@suse.de> wrote:
Hi,

Basically Hanno Boeck reported a serious bug in "libraptor", an RDF reader used by LibreOffice
3 years ago....

It did not get a CVE, and so was not picked up by Linux Distributions.

He actually got one some weeks ago, predisclosed the issue, and then wrote this
article about this experience.

Basically that without CVEs things are not getting fixed...

(He also dissed openSUSE as we were not yet out with the fix at the time of
the article.)

Ciao, Marcus

On Fri, Nov 27, 2020 at 08:02:02AM +0100, Mark Stopka wrote:
> It's in German and behind something that seems to be a pay-wall, anybody
> could do a simple Google Translate for us non-German speakers?
> --
> Best regards / S pozdravem,
> BSc. Mark Stopka, BBA
>
> mobile: +420 704 373 561
>
>
> On Mon, Nov 23, 2020 at 6:04 PM Marcus Meissner <meissner@suse.de> wrote:
>
> > On Fri, Nov 13, 2020 at 04:54:41PM +0100, Stakanov wrote:
> > > Read the article on Golem.de:
> > >
> > > https://glm.io/152105?m
> > >
> > > Hmmmm, we got "bad press" (German language) about a security issue. (link
> > > above).
> >
> > I only now got back mod/admin rights to this list.
> >
> > We meanwhile have released raptor updates.
> >
> > If something does not have a CVE, it is quite hard for anyone to track,
> > so if there are security issues, CVE assignment should be pursued so
> > everyone can handle it :/
> >
> > Ciao, Marcus