Univention Bugzilla – Bug 45916
libreoffice: Multiple issues (4.2)
Last modified: 2018-05-08 14:56:41 CEST
Upstream Debian package version 1:4.3.3-2+deb8u9 fixes these issues:
* A vulnerability in OpenOffice's PPT file parser before 4.1.4, and specifically in PPTStyleSheet, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. (CVE-2017-12607)
* A vulnerability in Apache OpenOffice Writer DOC file parser before 4.1.4, and specifically in ImportOldFormatStyles, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution. (CVE-2017-12608)
Mass-import from Debian-Security:
python -m univention.repong.^Cbmirror -s jessie -r 4.2-3 --override=$HOME/REPOS/repo-ng/mirror/update_ucs42_mirror_from_debian.yml --errata=doc/errata --sql --process=ALL -vvvv --now=201801211553
YAML: git:bd6159834a..449aa5a7cf
e0fab0eacb Bug #45916 libreoffice: Add CVE-2018-6871
[4.2-3] b9598426d8 Bug #45916: libreoffice 1:4.3.3-2+deb8u11
--- mirror/ftp/4.2/unmaintained/4.2-2/source/libreoffice_4.3.3-2+deb8u7.dsc +++ apt/ucs_4.2-0-errata4.2-3/source/libreoffice_4.3.3-2+deb8u11.dsc @@ -1,3 +1,29 @@ +1:4.3.3-2+deb8u11 [Wed, 18 Apr 2018 16:50:25 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/CVE-2018-10119.diff, + debian/patches/CVE-2018-10120.diff: as name says... + +1:4.3.3-2+deb8u10 [Sun, 11 Feb 2018 13:13:11 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/WEBSERVICE-only-http-and-https.diff: backport; as name says. + fix for "Remote arbitrary file disclosure vulnerability via WEBSERVICE + formula" (CVE-2018-1055 / CVE-2018-6871) + * debian/patches/layout-footnote-use-after-free.diff: add; as name says. + possible patch for iDefense V-mct3ei5wml + +1:4.3.3-2+deb8u9 [Mon, 06 Nov 2017 07:07:31 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/CVE-2017-1260{7,8}.diff: don't create empty test files + * debian/patches/CVE-2017-12608.diff: remove filters-test.cxx hunk + +1:4.3.3-2+deb8u8 [Fri, 03 Nov 2017 16:32:54 +0100] Rene Engelhard <rene@debian.org>: + + * debian/rules: + - make i386 make check notfatal for now given the i386 Java Stack Clash + regression + * debian/patches/CVE-2017-12607.diff, debian/patches/CVE-2017-12608.diff. + debian/patches/series: apply patches for above CVEs + 1:4.3.3-2+deb8u7 [Mon, 24 Apr 2017 19:43:52 +0200] Rene Engelhard <rene@debian.org>: * debian/patches/CVE-2017-7870.diff: fix CVE-2017-7870
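Review bot: the advisory for this bug should list every CVE covered by the jump from deb8u7 to deb8u11, not only CVE-2017-12607 and CVE-2017-12608 from the description. The added changelog entries also bring in CVE-2018-10119 and CVE-2018-10120 (deb8u11) and CVE-2018-1055 / CVE-2018-6871 (deb8u10); of these only CVE-2018-6871 appears in the commits listed above. The deb8u10 entry additionally ships layout-footnote-use-after-free.diff, described only as a "possible patch for iDefense V-mct3ei5wml" with no CVE, so it is worth naming in the erratum text to keep the use-after-free fix traceable.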
* No UCS specific patches
* Comparison to previously shipped version ok
* Installation Ok
* Advisory Ok
<http://errata.software-univention.de/ucs/4.2/351.html>