Publishing details

Changelog

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium

  [ Marc Deslauriers ]

  * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
    WEBSERVICE
    - debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
      protocols.
    - debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas
      with missing dde-link entries.
    - debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly
      to ocDde.
    - debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck()
      for .xls and .xlsx formula cells.
    - debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck()
      for conditional format expressions
    - debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck()
      for named expressions
    - debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
      Function Wizard
    - CVE-2018-6871
  * SECURITY UPDATE: use-after-free in SwRootFrame
    - debian/patches/layout-footnote-use-after-free.diff: fix layout
      footnote use-after-free in SwRootFrame.
    - No CVE number.

 -- Olivier Tilloy <email address hidden>  Sat, 17 Feb 2018 22:55:08 +0100

Available diffs

Builds

Package files