Univention Bugzilla – Bug 46634
libreoffice: Multiple issues (4.3)
Last modified: 2018-05-16 17:04:09 CEST
New Debian libreoffice 1:5.2.7-1+deb9u3 fixes: This update addresses the following issues: * Improvement to not throw more errors than neccessary (use the right error code) on WEBSERVICE() failures. * Do another replacement of FormulaError::NoValue to formula::errNoValue for clarity. * Backport from 5.4 branch to let FunctionAccess execute WEBSERVICE.
[4.3-0] 852f819a07 Bug #46634: libreoffice_1:5.2.7-1+deb9u3
CVE-2018-10119 libreoffice: Use after free in sdstor/stgstrms.cxx:StgSmallStrm class allows for denial of service with crafted document CVE-2018-10120 libreoffice: Out of bounds write in filter/ww8/ww8toolbar.cxx:SwCTBWrapper class allows for denial of service with crafted document [4.3-0] 97fa875e41 Bug #46634: libreoffice 1:5.2.7-1+deb9u4 i386 is missing on Debian: <https://packages.debian.org/stretch/libreoffice>
(In reply to Philipp Hahn from comment #2) > [4.3-0] 97fa875e41 Bug #46634: libreoffice 1:5.2.7-1+deb9u4 > i386 is missing on Debian: <https://packages.debian.org/stretch/libreoffice> Fixed by mirroring i386 from Debian-Security after Mirror update.
--- mirror/ftp/4.3/unmaintained/4.3-0/source/libreoffice_5.2.7-1+deb9u2.dsc +++ apt/ucs_4.3-0-errata4.3-0/source/libreoffice_5.2.7-1+deb9u4.dsc @@ -1,3 +1,22 @@ +1:5.2.7-1+deb9u4 [Wed, 18 Apr 2018 17:17:55 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/CVE-2018-10119.diff, + debian/patches/CVE-2018-10120.diff: as name says... + +1:5.2.7-1+deb9u3 [Thu, 22 Feb 2018 11:14:18 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/WEBSERVICE-DDE.diff: + - improve to not throw more errors than neccessary (use the right error + code) on WEBSERVICE() failures, thanks Jan-Marek Glogowski; do another + s/FormulaError::NoValue/formula::errNoValue/ for clarity + - backport 4a412bdf0387cc2cb59d656d0738a63a286ec497 from 5.4 branch + to let FunctionAccess execute WEBSERVICE + + * debian/rules: + - do not run the tests except on i386 (notfatal) and amd64 + - move dk.mk from -dev-common to -dev as it's not arch-indep, thanks + Rico Tzschichholz + 1:5.2.7-1+deb9u2 [Fri, 09 Feb 2018 07:22:22 +0100] Rene Engelhard <rene@debian.org>: * fix control
* No UCS specific patches * Comparison to previously shipped version ok * Binary package update Ok * Advisory Ok
<http://errata.software-univention.de/ucs/4.3/57.html>