These have been published now, thanks!
https://ubuntu.com/security/notices/USN-6546-1
https://ubuntu.com/security/notices/USN-6546-2
** Changed in: libreoffice (Ubuntu Focal)
Status: In Progress => Fix Released
** Changed in: libreoffice (Ubuntu Jammy)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/2046037
Title:
CVE-2023-6185 and CVE-2023-6186
Status in libreoffice package in Ubuntu:
Fix Released
Status in libreoffice source package in Focal:
Fix Released
Status in libreoffice source package in Jammy:
Fix Released
Status in libreoffice source package in Lunar:
Fix Released
Status in libreoffice source package in Mantic:
Fix Released
Status in libreoffice source package in Noble:
Fix Released
Bug description:
CVE-2023-6185: "Improper input validation enabling arbitrary Gstreamer
pipeline injection"
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185/
CVE-2023-6186: "Link targets allow arbitrary script execution"
https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186/
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/focal-6.4
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/jammy-7.3
More information will follow.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2046037/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
