[ubuntu/focal-updates] libreoffice 1:6.4.7-0ubuntu0.20.04.5 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Oct 6 14:00:29 UTC 2022
libreoffice (1:6.4.7-0ubuntu0.20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: Improper Certificate Validation vulnerability
- debian/patches/CVE-2022-26305.patch: compare authors using Thumbprint
in xmlsecurity/source/component/documentdigitalsignatures.cxx.
- CVE-2022-26305
* SECURITY UPDATE: stored passwords IV always the same
- debian/patches/CVE-2022-26306.patch: add Initialization Vectors to
password storage in
officecfg/registry/schema/org/openoffice/Office/Common.xcs,
svl/source/passwordcontainer/passwordcontainer.cxx,
svl/source/passwordcontainer/passwordcontainer.hxx.
- CVE-2022-26306
* SECURITY UPDATE: password storage master key weak entropy
- debian/patches/CVE-2022-26307-1.patch: make hash encoding match
decoding in
officecfg/registry/schema/org/openoffice/Office/Common.xcs,
svl/source/passwordcontainer/passwordcontainer.cxx,
svl/source/passwordcontainer/passwordcontainer.hxx,
uui/source/iahndl-authentication.cxx.
- debian/patches/CVE-2022-26307-2.patch: add infobar to prompt to
refresh to replace old format in include/sfx2/strings.hrc,
include/sfx2/viewfrm.hxx, sfx2/source/view/viewfrm.cxx.
- CVE-2022-26307
Date: 2022-09-30 12:52:08.862853+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list