[ubuntu/jammy-updates] libreoffice 1:7.3.7-0ubuntu0.22.04.8 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Jan 27 16:15:31 UTC 2025
libreoffice (1:7.3.7-0ubuntu0.22.04.8) jammy-security; urgency=medium
* SECURITY UPDATE: Path traversal leading to arbitrary .ttf file write
- debian/patches/CVE-2024-12425.patch: be conservative on allowed temp
font names
- CVE-2024-12425
* SECURITY UPDATE: URL fetching can be used to exfiltrate arbitrary INI
file values and environment variables
- debian/patches/CVE-2024-12426-1.patch: consider VndSunStarExpand an
exotic protocol
- debian/patches/CVE-2024-12426-2.patch: look at 'embedded' protocols too
- CVE-2024-12426
- debian/patches/CVE-2024-12426-3.patch: Fix check for further exotic
protocols
Date: 2025-01-24 14:12:22.244432+00:00
Changed-By: Rico Tzschichholz <ricotz at web.de>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.8
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list