Bug 49890

Summary: libreoffice: Multiple issues (4.4)
Product: UCS Reporter: Quality Assurance <qa>
Component: Security updatesAssignee: Quality Assurance <qa>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P5    
Version: UCS 4.4   
Target Milestone: UCS 4.4-1-errata   
Hardware: All   
OS: Linux   
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score: 0.0 () NVD

Description Quality Assurance univentionstaff 2019-07-22 11:44:41 CEST 
New Debian libreoffice 1:5.2.7-1+deb9u9 fixes:
This update addresses the following issues:
* libreoffice (CVE-2019-9848)
* libreoffice (CVE-2019-9849)
Comment 1 Quality Assurance univentionstaff 2019-07-22 12:01:18 CEST 
--- mirror/ftp/4.4/unmaintained/4.4-0/source/libreoffice_5.2.7-1+deb9u5.dsc
+++ apt/ucs_4.4-0-errata4.4-0/source/libreoffice_5.2.7-1+deb9u9.dsc
@@ -1,3 +1,29 @@
+1:5.2.7-1+deb9u9 [Tue, 18 Jun 2019 21:54:44 +0200] Rene Engelhard <rene@debian.org>:
+
+  * debian/patches/More-uses-of-referer-URL-with-SvxBrushItem.diff:
+    backport patch from libreoffice-6-2 branch to fix CVE-2019-9849 
+
+1:5.2.7-1+deb9u8 [Sun, 09 Jun 2019 10:31:22 +0200] Rene Engelhard <rene@debian.org>:
+
+  * debian/patches/sanitize-LibreLogo-calls.diff,
+    debian/patches/explictly-exclude-LibreLogo-from-XScript-usage.diff:
+    add from git; fixing CVE-2019-9848
+
+1:5.2.7-1+deb9u7 [Wed, 23 Jan 2019 18:51:09 +0100] Rene Engelhard <rene@debian.org>:
+
+  * debian/patches/mention-java-common-package.diff: update message to
+    reflect current config dir...
+  * debian/patches/disableClassPathURLCheck.diff: revert openjdk is fixed
+
+  * debian/control.in:
+    - make -core conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1)
+      (closes: 913641#) and build-conflict against it
+
+1:5.2.7-1+deb9u6 [Thu, 11 Apr 2019 21:48:53 +0200] Rene Engelhard <rene@debian.org>:
+
+   * debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou
+     era 'Reiwa', from libreoffice-6-1 branch
+
 1:5.2.7-1+deb9u5 [Wed, 23 Jan 2019 18:51:09 +0100] Rene Engelhard <rene@debian.org>:
 
   * debian/patches/disableClassPathURLCheck.diff: add workaround to

<http://10.200.17.11/4.4-0/#1408333030776520814>
Comment 2 Philipp Hahn univentionstaff 2019-07-23 10:17:45 CEST 
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-1] 01222f0851 Bug #49890: libreoffice 1:5.2.7-1+deb9u9
 doc/errata/staging/libreoffice.yaml | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)

[4.4-1] 24d5a525bf Bug #49886, Bug #49890, Bug #49888, Bug #49889, Bug #49887, Bug #49885: 4.4-1 Errata
 doc/errata/staging/libreoffice.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-07-24 15:03:18 CEST 
<http://errata.software-univention.de/ucs/4.4/188.html>