Bastien Roucariès pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
44619aae by Bastien Roucariès at 2023-03-26T20:41:39+00:00
Reserve DLA-3368-1 for libreoffice
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -85380,17 +85380,14 @@ CVE-2022-26308 (Pandora FMS v7.0NG.760 and below
allows an improper access contr
CVE-2022-26307 (LibreOffice supports the storage of passwords for web
connections in t ...)
- libreoffice 1:7.3.3~rc1-2
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
- [buster] - libreoffice <no-dsa> (Minor issue)
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26307
CVE-2022-26306 (LibreOffice supports the storage of passwords for web
connections in t ...)
- libreoffice 1:7.3.3~rc1-2
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
- [buster] - libreoffice <no-dsa> (Minor issue)
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26306
CVE-2022-26305 (An Improper Certificate Validation vulnerability in
LibreOffice existe ...)
- libreoffice 1:7.3.2~rc2-1
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
- [buster] - libreoffice <no-dsa> (Minor issue)
NOTE:
https://www.libreoffice.org/about-us/security/advisories/cve-2022-26305
CVE-2022-26301 (TuziCMS v2.0.6 was discovered to contain a SQL injection
vulnerability ...)
NOT-FOR-US: TuziCMS
@@ -157240,7 +157237,6 @@ CVE-2021-25637
CVE-2021-25636 (LibreOffice supports digital signatures of ODF documents and
macros wi ...)
- libreoffice 1:7.3.0-1
[bullseye] - libreoffice 1:7.0.4-4+deb11u2
- [buster] - libreoffice <no-dsa> (Minor issue)
[stretch] - libreoffice <postponed> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2056955
NOTE:
https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25636
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Mar 2023] DLA-3368-1 libreoffice - security update
+ {CVE-2021-25636 CVE-2022-3140 CVE-2022-26305 CVE-2022-26306
CVE-2022-26307}
+ [buster] - libreoffice 1:6.1.5-3+deb10u8
[24 Mar 2023] DLA-3367-1 libdatetime-timezone-perl - new timezone database
[buster] - libdatetime-timezone-perl 1:2.23-1+2023b
[24 Mar 2023] DLA-3366-1 tzdata - new timezone database
=====================================
data/dla-needed.txt
=====================================
@@ -129,10 +129,6 @@ intel-microcode (tobi)
libmicrohttpd (Thorsten Alteholz)
NOTE: 20230313: Programming language: C.
--
-libreoffice (rouca)
- NOTE: 20221012: Programming language: C++.
- NOTE: 20230111: VCS:
https://salsa.debian.org/lts-team/packages/libreoffice.git
---
linux (Ben Hutchings)
NOTE: 20230111: Programming language: C
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44619aae5b33013176b4d0de2aafd43c8ba5ffbb
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/44619aae5b33013176b4d0de2aafd43c8ba5ffbb
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
