[ubuntu/xenial-updates] libreoffice 1:5.1.6~rc2-0ubuntu1~xenial9 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Aug 19 12:33:54 UTC 2019

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial9) xenial-security; urgency=medium

  * SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script execution
    - debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban scripts
      with "LibreLogo" anywhere in its path.
    - CVE-2019-9850
  * SECURITY UPDATE: LibreLogo global-event script execution
    - debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script executions
      by expanding check to global events.
    - CVE-2019-9851
  * SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location check
    - debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
      scriptURI2StorageUri() are percent-encoded.
    - CVE-2019-9852

Date: 2019-08-15 12:33:13.297907+00:00
Changed-By: Marcus Tomlinson <marcus.tomlinson at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list