[ubuntu/noble-security] libreoffice 4:24.2.7-0ubuntu0.24.04.2 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Jan 27 13:55:05 UTC 2025
libreoffice (4:24.2.7-0ubuntu0.24.04.2) noble-security; urgency=medium
* SECURITY UPDATE: Path traversal leading to arbitrary .ttf file write
- debian/patches/CVE-2024-12425.patch: be conservative on allowed temp
font names
- CVE-2024-12425
* SECURITY UPDATE: URL fetching can be used to exfiltrate arbitrary INI
file values and environment variables
- debian/patches/CVE-2024-12426-1.patch: consider VndSunStarExpand an
exotic protocol
- debian/patches/CVE-2024-12426-2.patch: look at 'embedded' protocols too
- debian/patches/CVE-2024-12426-3.patch: Fix check for further exotic
protocols
- CVE-2024-12426
libreoffice (4:24.2.7-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream release (LP: #2086214)
[ Julian Andres Klode ]
* Pass CFLAGS, CXXFLAGS, CPPFLAGS, and LDFLAGS to external projects
(LP: #2073128)
libreoffice (4:24.2.6-0ubuntu0.24.04.1) noble; urgency=medium
* New upstream release (LP: #2079005)
[ Rene Engelhard ]
* debian/patches/jdk-minimal-and-zero-paths.diff: add new
minimal/zero JDK paths as of OpenJDK 21, thanks
WANG Xuerui <i.salsa at xen0n.name> (closes: #1079438).
* debian/patches/moreIconsDialog-accesses-internet.diff: fix logic
* debian/tests/control.in: go sure and add needs-internet restriction here,
too (it runs a additiondialog UI test)
Date: 2025-01-24 14:15:55.884455+00:00
Changed-By: Rico Tzschichholz <ricotz at web.de>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libreoffice/4:24.2.7-0ubuntu0.24.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list