libreoffice (1:5.1.6~rc2-0ubuntu1~xenial10) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe URL assembly flaw in allowed script location check
    - debian/patches/CVE-2019-9854.diff: assemble the parsed url describing a
      script's location from the output of the preceding verification step.
    - CVE-2019-9854

 -- Marcus Tomlinson  Sat, 21 Sep 2019 13:44:15 +0200

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial9) xenial-security; urgency=medium

  * SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script
    execution
    - debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban
      scripts with "LibreLogo" anywhere in its path.
    - CVE-2019-9850
  * SECURITY UPDATE: LibreLogo global-event script execution
    - debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script
      executions by expanding check to global events.
    - CVE-2019-9851
  * SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location
    check
    - debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
      scriptURI2StorageUri() are percent-encoded.
    - CVE-2019-9852

 -- Marcus Tomlinson  Wed, 14 Aug 2019 15:16:33 +0100

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial8) xenial-security; urgency=medium

  * SECURITY UPDATE: LibreLogo arbitrary script execution
    - debian/patches/CVE-2019-9848.diff: don't allow LibreLogo to be used with
      mouseover/etc dom-alike events.
    - CVE-2019-9848
  * SECURITY UPDATE: Remote bullet graphics retrieved in 'stealth mode'
    - debian/patches/CVE-2019-9849.diff: include bullet graphics in 'stealth
      mode' protection.
    - CVE-2019-9849

 -- Marcus Tomlinson  Tue, 16 Jul 2019 17:28:21 +0100

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial7) xenial; urgency=medium

  [ Ikuya Awashiro ]
  * debian/patches/new-japanese-era-name.patch (LP: #1827451):
    Add new Japanese era name "Reiwa" support, which is taken from upstream:
    https://cgit.freedesktop.org/libreoffice/core/commit/?id=cacbb0faef77ae8462de9ff5c7307a6a2e28b2bb
    https://cgit.freedesktop.org/libreoffice/core/commit/?id=597c5d75b8e72d429e096535334eaac7973455ef

  [ Olivier Tilloy ]
  * debian/patches/java.vendor-Ubuntu.patch: update to also recognize
    "Private Build" as java.vendor (for custom PPA builds) (LP: #1822839)
  * debian/patches/java.vendor-Ubuntu.patch: also make jvmfwk recognize
    "Ubuntu" as java.vendor (LP: #1822839)

  [ Rene Engelhard ]
  * debian/patches/java.vendor-Debian.diff: make jvmfwk recognize "Debian" as
    java.vendor as that's what is set in openjdk 11 >= 11.0.3+4-2 - see #926009
    (closes: #926318) (LP: #1822839)

 -- Marcus Tomlinson  Fri, 03 May 2019 15:40:44 +0100

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial6) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect integer data type in StgSmallStrm class
    - debian/patches/CVE-2018-10119.patch: use short->sal_Int32 like in
      StgDataStrm in sot/source/sdstor/stgstrms.cxx.
    - CVE-2018-10119
  * SECURITY UPDATE: heap-based buffer overflow in SwCTBWrapper::Read
    - debian/patches/CVE-2018-10120.patch: check index before use in
      sw/source/filter/ww8/ww8toolbar.cxx.
    - CVE-2018-10120
  * SECURITY UPDATE: information disclosure vulnerability via SMB link
    - debian/patches/CVE-2018-10583.patch: set Referer on link mediadescriptor
      in sw/source/filter/xml/xmltexti.cxx.
    - CVE-2018-10583
  * SECURITY UPDATE: Directory traversal flaw in script execution
    - debian/patches/CVE-2018-16858.patch: keep pyuno script processing below
      base uri in scripting/source/pyprov/pythonscript.py.
    - CVE-2018-16858

 -- Marc Deslauriers  Mon, 28 Jan 2019 11:59:02 -0500

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial4) xenial; urgency=medium

  * debian/libreoffice-mysql-connector.triggers.in,
    debian/libreoffice-wiki-publisher.triggers.in:
    - removed, file path triggers do not need to be activated explicitly
  * debian/libreoffice-common.triggers.in: switch to -noawait trigger
    (LP: #1780996)

 -- Olivier Tilloy  Fri, 03 Aug 2018 13:00:22 +0200

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
    WEBSERVICE
    - debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
      protocols.
    - debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas with
      missing dde-link entries.
    - debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly to
      ocDde.
    - debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck() for
      .xls and .xlsx formula cells.
    - debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck() for
      conditional format expressions
    - debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck() for
      named expressions
    - debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
      Function Wizard
    - CVE-2018-6871
  * SECURITY UPDATE: use-after-free in SwRootFrame
    - debian/patches/layout-footnote-use-after-free.diff: fix layout footnote
      use-after-free in SwRootFrame.
    - No CVE number.

 -- Olivier Tilloy  Sat, 17 Feb 2018 22:49:14 +0100

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial2) xenial-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in ReadEnhWMF function
    - debian/patches/CVE-2016-10327.patch: add check to
      vcl/source/filter/wmf/enhwmf.cxx.
    - CVE-2016-10327
  * SECURITY UPDATE: out-of-bounds write in tools::Polygon::Insert function
    - debian/patches/CVE-2017-7870.patch: check if ImplSplit succeeded in
      tools/inc/poly.h, tools/source/generic/poly.cxx.
    - CVE-2017-7870

 -- Marc Deslauriers  Fri, 28 Apr 2017 09:51:22 -0400

libreoffice (1:5.1.6~rc2-0ubuntu1~xenial1) xenial; urgency=medium

  * new upstream rc

 -- Bjoern Michaelsen  Wed, 19 Oct 2016 17:16:59 +0200

libreoffice (1:5.1.5~rc2-0ubuntu1~xenial1) xenial; urgency=medium

  * new upstream rc

 -- Bjoern Michaelsen  Wed, 27 Jul 2016 00:31:36 +0200

# For older changelog entries, run 'apt-get changelog libreoffice-librelogo'