[ubuntu/trusty-security] libreoffice 1:4.2.8-0ubuntu5.5 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Wed Feb 6 14:10:35 UTC 2019


libreoffice (1:4.2.8-0ubuntu5.5) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect integer data type in StgSmallStrm class
    - debian/patches/CVE-2018-10119.patch: use short->sal_Int32 like in
      StgDataStrm in sot/source/sdstor/stgstrms.cxx.
    - CVE-2018-10119
  * SECURITY UPDATE: heap-based buffer overflow in SwCTBWrapper::Read
    - debian/patches/CVE-2018-10120.patch: check index before use in
      sw/source/filter/ww8/ww8toolbar.cxx.
    - CVE-2018-10120
  * SECURITY UPDATE: information disclosure vulnerability via SMB link
    - debian/patches/CVE-2018-10583.patch: set Referer on link
      mediadescriptor in sw/source/filter/xml/xmltexti.cxx.
    - CVE-2018-10583
  * SECURITY UPDATE: overflow during string length calculation
    - debian/patches/CVE-2018-11790.patch: fix indexes in
      vcl/source/gdi/sallayout.cxx.
    - CVE-2018-11790
  * SECURITY UPDATE: Directory traversal flaw in script execution
    - debian/patches/CVE-2018-16858.patch: keep pyuno script processing
      below base uri in scripting/source/pyprov/pythonscript.py.
    - CVE-2018-16858

Date: 2019-02-04 19:43:18.369169+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/libreoffice/1:4.2.8-0ubuntu5.5
-------------- next part --------------
Sorry, changesfile not available.


More information about the Trusty-changes mailing list