Univention Bugzilla – Bug 49894
libreoffice: Multiple issues (4.3)
Last modified: 2019-07-24 16:01:02 CEST
New Debian libreoffice 1:5.2.7-1+deb9u9 fixes:

This update addresses the following issues:

* LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary Python commands. By using the document event feature to trigger LibreLogo to execute Python contained within a document, a malicious document could be constructed which would execute arbitrary Python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. (CVE-2019-9848)

* LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5. (CVE-2019-9849)
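The first issue hinges on a document declaring an event listener whose target is a pre-installed script. A triage check for that is to open the ODF package (a zip) and list every `script:event-listener` whose `xlink:href` uses the LibreOffice scripting-framework URI scheme, flagging those that point at LibreLogo. The following is an added example and is not code from Debian, Univention or the LibreOffice project; element and attribute names follow the ODF 1.2 schema, the sample documents are constructed in memory, and the exact `vnd.sun.star.script:` URI used to address the bundled LibreLogo script is an assumption made for the sample.

```python
"""Find ODF event listeners that hand control to a pre-installed script.

Added example for the CVE-2019-9848 description above; not code from Debian,
Univention or the LibreOffice project. Element and attribute names follow the
ODF 1.2 schema; the sample hrefs are constructed and the LibreLogo script URI
is an assumption about how the bundled script is addressed.
"""
import html
import io
import zipfile
import xml.etree.ElementTree as ET

# ODF 1.2 namespaces.
NS = {
    "office": "urn:oasis:names:tc:opendocument:xmlns:office:1.0",
    "script": "urn:oasis:names:tc:opendocument:xmlns:script:1.0",
    "text": "urn:oasis:names:tc:opendocument:xmlns:text:1.0",
    "xlink": "http://www.w3.org/1999/xlink",
}
# URI scheme used by the LibreOffice scripting framework to address macros.
SCRIPT_URI_SCHEME = "vnd.sun.star.script:"


def find_script_event_listeners(odf_bytes):
    """Return one dict per script:event-listener whose target is a scripting-
    framework URI. Every XML part of the package is searched, so listeners in
    embedded sub-documents are seen as well."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        for part in zf.namelist():
            if not part.endswith(".xml"):
                continue
            try:
                root = ET.fromstring(zf.read(part))
            except ET.ParseError:
                continue  # not well-formed; a full triage tool would report this
            for el in root.iter(f"{{{NS['script']}}}event-listener"):
                href = el.get(f"{{{NS['xlink']}}}href", "")
                if not href.startswith(SCRIPT_URI_SCHEME):
                    continue
                findings.append({
                    "part": part,
                    "event": el.get(f"{{{NS['script']}}}event-name", ""),
                    "href": href,
                    # The pre-installed LibreLogo script is the one that,
                    # before 6.2.5, could be driven from an event handler.
                    "librelogo": "librelogo" in href.lower(),
                })
    return findings


def build_sample_odt(listener_href=None):
    """Build a minimal ODT in memory (constructed test data). When a
    listener_href is given, a document-level mouse-over listener is added."""
    scripts = ""
    if listener_href is not None:
        scripts = (
            "<office:scripts><office:event-listeners>"
            '<script:event-listener script:event-name="dom:mouseover" '
            'script:language="ooo:script" '
            f'xlink:href="{html.escape(listener_href, quote=True)}"/>'
            "</office:event-listeners></office:scripts>"
        )
    content = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<office:document-content xmlns:office="{NS["office"]}" '
        f'xmlns:script="{NS["script"]}" xmlns:text="{NS["text"]}" '
        f'xmlns:xlink="{NS["xlink"]}" office:version="1.2">'
        f"{scripts}"
        "<office:body><office:text><text:p>sample</text:p></office:text></office:body>"
        "</office:document-content>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        # ODF wants the mimetype entry first and stored uncompressed.
        zf.writestr("mimetype", "application/vnd.oasis.opendocument.text",
                    compress_type=zipfile.ZIP_STORED)
        zf.writestr("content.xml", content)
    return buf.getvalue()


# Assumed shape of the URI addressing the bundled LibreLogo script.
LIBRELOGO_HREF = "vnd.sun.star.script:LibreLogo/LibreLogo.py$run?language=Python&location=share"
# An ordinary document-embedded Basic macro, for comparison (constructed).
BASIC_HREF = "vnd.sun.star.script:Standard.Module1.Main?language=Basic&location=document"

if __name__ == "__main__":
    for label, href in (("librelogo", LIBRELOGO_HREF), ("basic", BASIC_HREF), ("clean", None)):
        print(label, find_script_event_listeners(build_sample_odt(href)))
```

The check reports declared listeners, not whether the installed LibreOffice would honour them: on a host carrying the 6.2.5 fix or the Debian backport in deb9u8, a LibreLogo target in an event handler is refused, so a hit is a triage signal about the document rather than proof of execution. Any listener with a `vnd.sun.star.script:` target is worth a look, since the event-handler mechanism itself is what the malicious document abuses; the LibreLogo flag only singles out the case described in the advisory.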
--- mirror/ftp/4.3/unmaintained/4.3-4/source/libreoffice_5.2.7-1+deb9u5.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/libreoffice_5.2.7-1+deb9u9.dsc @@ -1,3 +1,29 @@ +1:5.2.7-1+deb9u9 [Tue, 18 Jun 2019 21:54:44 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/More-uses-of-referer-URL-with-SvxBrushItem.diff: + backport patch from libreoffice-6-2 branch to fix CVE-2019-9849 + +1:5.2.7-1+deb9u8 [Sun, 09 Jun 2019 10:31:22 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/sanitize-LibreLogo-calls.diff, + debian/patches/explictly-exclude-LibreLogo-from-XScript-usage.diff: + add from git; fixing CVE-2019-9848 + +1:5.2.7-1+deb9u7 [Wed, 23 Jan 2019 18:51:09 +0100] Rene Engelhard <rene@debian.org>: + + * debian/patches/mention-java-common-package.diff: update message to + reflect current config dir... + * debian/patches/disableClassPathURLCheck.diff: revert openjdk is fixed + + * debian/control.in: + - make -core conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1) + (closes: 913641#) and build-conflict against it + +1:5.2.7-1+deb9u6 [Thu, 11 Apr 2019 21:48:53 +0200] Rene Engelhard <rene@debian.org>: + + * debian/patches/jp-JP-Reiwa.diff: Introduce next Japanese gengou + era 'Reiwa', from libreoffice-6-1 branch + 1:5.2.7-1+deb9u5 [Wed, 23 Jan 2019 18:51:09 +0100] Rene Engelhard <rene@debian.org>: * debian/patches/disableClassPathURLCheck.diff: add workaround to <http://10.200.17.11/4.3-4/#1408333030776520814>
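Review bot: the 1:5.2.7-1+deb9u7 stanza carries the timestamp "Wed, 23 Jan 2019 18:51:09 +0100", which is identical to the 1:5.2.7-1+deb9u5 stanza below it and earlier than the 1:5.2.7-1+deb9u6 stanza ("Thu, 11 Apr 2019 21:48:53 +0200"), so the changelog's date order contradicts its version order; the deb9u7 date looks copied from deb9u5 and should be corrected to the real upload time. In the same stanza "(closes: 913641#)" has the hash on the wrong side of the number; the Debian changelog form is "(closes: #913641)", and the bug-closing parser will not match it as written. A smaller documentation point: "revert openjdk is fixed" would read better as "revert: openjdk is fixed" or by naming the openjdk version that made the workaround unnecessary, given that the very next lines add a conflict against openjdk-8-jre-headless (= 8u181-b13-2~deb9u1).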
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-4] 75258da6ab Bug #49894: libreoffice 1:5.2.7-1+deb9u9
 doc/errata/staging/libreoffice.yaml | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)

[4.3-4] 3732ca913e Bug #49894: libreoffice 1:5.2.7-1+deb9u9
 doc/errata/staging/libreoffice.yaml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
<http://errata.software-univention.de/ucs/4.3/547.html>