Created attachment 91245 [details] C:\Program Files (x86)\LibreOffice 4\program\python33.dll is vulnerable according to Secunia and Python C:\Program Files (x86)\LibreOffice 4\program\python33.dll (version 3.3.150.1013) is vulnerable according to Secunia and Python. Version 3.3.3 is secure. Please see Secunia Advisory SA56226 at http://secunia.com/advisories/56226 A security issue and multiple vulnerabilities have been reported in Python, which can be exploited by malicious people to conduct spoofing attacks and cause a DoS (Denial of Service). The security issue and the vulnerabilities are reported in versions prior to 3.3.3. Solution: Update to version 3.3.3. Please also see http://www.python.org/download/releases/3.3.3/ http://docs.python.org/3.3/whatsnew/changelog.html
Your dll looks differen from mine (i downloaded attachment to c:\temp) C:\temp>md5 -v 2.2 (2008-01-14) C:\temp>md5 "C:\Program Files (x86)\LibreOffice 4\program\python3.dll" C8AB7B1D60B0D0E8AE70C625C9F4A76E C:\Program Files (x86)\LibreOffice 4\program\python3.dll C:\temp>md5 python33.dll 2C168A75276C9DC9BA0274A91B4D5940 python33.dll C:\temp>
Your file is python3.dll (not python33.dll), hence different MD5.
Michael Stahl committed a patch related to this issue. It has been pushed to "master": http://cgit.freedesktop.org/libreoffice/core/commit/?id=45c537a1185dfca7e51229dde9e9220e5174bd57 fdo#73087: python3: upgrade to version 3.3.3 The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-2": http://cgit.freedesktop.org/libreoffice/core/commit/?id=c5ab946abfe3b2c60253e3c724eee2be0bda0b81&h=libreoffice-4-2 fdo#73087: python3: upgrade to version 3.3.3 It will be available in LibreOffice 4.2. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.
fixed on master and 4.2; review for 4.1 pending in gerrit.
Michael Stahl committed a patch related to this issue. It has been pushed to "libreoffice-4-1": http://cgit.freedesktop.org/libreoffice/core/commit/?id=5d207e1a819a679738e0299972cef3d280122596&h=libreoffice-4-1 fdo#73087: python3: upgrade to version 3.3.3 It will be available in LibreOffice 4.1.5. The patch should be included in the daily builds available at http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More information about daily builds can be found at: http://wiki.documentfoundation.org/Testing_Daily_Builds Affected users are encouraged to test the fix and report feedback.