Superseded by libreoffice - 1:6.4.7-0ubuntu0.20.04.15~lo2
Changelog
libreoffice (1:6.4.7-0ubuntu0.20.04.13~lo1) focal; urgency=medium

  * SECURITY UPDATE: Path traversal leading to arbitrary .ttf file write
    - debian/patches/CVE-2024-12425.patch: be conservative on allowed temp
      font names
    - CVE-2024-12425
  * SECURITY UPDATE: URL fetching can be used to exfiltrate arbitrary INI
    file values and environment variables
    - debian/patches/CVE-2024-12426-1.patch: consider VndSunStarExpand an
      exotic protocol
    - debian/patches/CVE-2024-12426-2.patch: look at 'embedded' protocols too
    - CVE-2024-12426
    - debian/patches/CVE-2024-12426-3.patch: Fix check for further exotic
      protocols

 -- Rico Tzschichholz <email address hidden>  Thu, 23 Jan 2025 14:54:13 +0100
Available diffs
diff from 1:6.4.7+mimo3-0ubuntu0.20.04.1~lo1 to 1:6.4.7-0ubuntu0.20.04.13~lo1 (pending)