Univention Bugzilla – Bug 48592
libreoffice: Multiple issues (4.3)
Last modified: 2019-02-06 12:35:52 CET
New Debian libreoffice 1:5.2.7-1+deb9u5 fixes:

This update addresses the following issue:
* Arbitrary Python functions in arbitrary modules on the filesystem can be executed without warning (CVE-2018-16858)
--- mirror/ftp/4.3/unmaintained/4.3-1/source/libreoffice_5.2.7-1+deb9u4.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/libreoffice_5.2.7-1+deb9u5.dsc @@ -1,3 +1,16 @@ +1:5.2.7-1+deb9u5 [Wed, 23 Jan 2019 18:51:09 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/disableClassPathURLCheck.diff: add workaround to + fix build with openjdks with S8195874 included - add + -Djdk.net.URLClassPath.disableClassPathURLCheck=true to JAVAIFLAGS; + see https://gerrit.libreoffice.org/#/c/63118/2 + + * debian/patches/keep-pyuno-script-processing-below-base-uri.diff: as name + says (CVE-2018-16858) + * debian/patches/show-partial-signatures-even-if-cert-validation-fails.diff: + as name says (CERT-Bund#2018100828000257), but backport the non-UI parts only + - the "signing already existing PDFs" feature doesn't exist here yet + 1:5.2.7-1+deb9u4 [Wed, 18 Apr 2018 17:17:55 +0200] Rene Engelhard <rene@debian.org>: * debian/patches/CVE-2018-10119.diff, <http://10.200.17.11/4.3-3/#1408333030763530514>
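Review bot: The two security entries in the added 1:5.2.7-1+deb9u5 block are documented only as "as name says", so the changelog never states what behaviour changes. For keep-pyuno-script-processing-below-base-uri.diff (CVE-2018-16858), spell out the restriction the patch enforces. For show-partial-signatures-even-if-cert-validation-fails.diff, say what is left out by backporting "the non-UI parts only". The disableClassPathURLCheck.diff entry describes -Djdk.net.URLClassPath.disableClassPathURLCheck=true as a workaround to fix the build; since the flag name indicates it switches off a JDK check, the entry should state whether adding it to JAVAIFLAGS affects only the build or also the installed runtime.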
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-3] 1f187d7190 Bug #48592: libreoffice 1:5.2.7-1+deb9u5
 doc/errata/staging/libreoffice.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)
<http://errata.software-univention.de/ucs/4.3/414.html>