[ubuntu/bionic-updates] libreoffice-l10n 1:6.0.7-0ubuntu0.18.04.9 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Aug 19 12:33:55 UTC 2019
libreoffice-l10n (1:6.0.7-0ubuntu0.18.04.9) bionic-security; urgency=medium
* SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script execution
- debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban scripts
with "LibreLogo" anywhere in its path.
- CVE-2019-9850
* SECURITY UPDATE: LibreLogo global-event script execution
- debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script executions
by expanding check to global events.
- CVE-2019-9851
* SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location check
- debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
scriptURI2StorageUri() are percent-encoded.
- CVE-2019-9852
Date: 2019-08-15 13:53:14.026766+00:00
Changed-By: Marcus Tomlinson <marcus.tomlinson at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:6.0.7-0ubuntu0.18.04.9
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list