[ubuntu/xenial-security] libreoffice 1:5.1.6~rc2-0ubuntu1~xenial3 (Accepted)
Chris Coulson
chrisccoulson at ubuntu.com
Wed Feb 21 19:08:43 UTC 2018
libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
WEBSERVICE
- debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
protocols.
- debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas
with missing dde-link entries.
- debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly
to ocDde.
- debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck()
for .xls and .xlsx formula cells.
- debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck()
for conditional format expressions
- debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck()
for named expressions
- debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
Function Wizard
- CVE-2018-6871
* SECURITY UPDATE: use-after-free in SwRootFrame
- debian/patches/layout-footnote-use-after-free.diff: fix layout
footnote use-after-free in SwRootFrame.
- No CVE number.
Date: 2018-02-19 16:33:12.783974+00:00
Changed-By: Olivier Tilloy <olivier.tilloy at canonical.com>
Signed-By: Chris Coulson <chrisccoulson at ubuntu.com>
https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial3
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list