Ubuntu

“libreoffice” 1:3.5.4-0ubuntu1.1 source package in The Precise Pangolin

Publishing history

1:3.5.4-0ubuntu1.1
SUPERSEDED: Precise pocket Updates in component main and section editors
  • Removal requested on 2013-02-16.
  • Superseded on 2013-02-15 by libreoffice - 1:3.5.7-0ubuntu4
  • Published on 2012-08-14
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Ubuntu Archive Robot
1:3.5.4-0ubuntu1.1
PUBLISHED: Precise pocket Security in component main and section editors
  • Published on 2012-08-14
  • Copied from ubuntu precise in Private PPA for Ubuntu Security Team by Marc Deslauriers

Changelog

libreoffice (1:3.5.4-0ubuntu1.1) precise-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via XML manifest encryption
    tag parsing code
    - debian/patches/CVE-2012-2665.diff: merge base64 encoders/decoders,
      check key size, unwind manifest xml parser and follow tag hierarchy
      model, count and order of receipt of properties doesn't matter.
    - debian/patches/CVE-2012-2665-binfilter.diff: use sax::Converter::
      base64 code instead, ThreeByteToFourByte and friends are no longer in
      use.
    - patches taken from Debian 1:3.5.4-7 package.
    - CVE-2012-2665
 -- Marc Deslauriers <email address hidden>   Tue, 07 Aug 2012 08:30:47 -0400