This bug was fixed in the package libreoffice - 4:7.5.9-0ubuntu0.23.04.1

---------------
libreoffice (4:7.5.9-0ubuntu0.23.04.1) lunar-security; urgency=medium

  * New upstream release (LP: #2044369)
  * SECURITY UPDATE: Improper input validation enabling arbitrary Gstreamer
    pipeline injection
    - CVE-2023-6185
  * SECURITY UPDATE: Link targets allow arbitrary script execution
    - CVE-2023-6186

  [ Rico Tzschichholz ]
  * patches/CppunitTest_desktop_lib-adjust-asserts-so-this-works.patch:
    - Usage of expired certificates in CppunitTest_desktop_lib:
      adjust asserts so this works again

  [ Rene Engelhard ]
  * debian/rules:
    - Re-enable cmis; bump libcmis build-dep to >= 0.6.1

 -- Rico Tzschichholz <ric...@ubuntu.com>  Tue, 28 Nov 2023 20:57:57 +0100

** Changed in: libreoffice (Ubuntu Lunar)
       Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6185

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6186

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/2044369

Title:
  [SRU] libreoffice 7.5.9 for lunar

Status in libreoffice package in Ubuntu:
  Fix Released
Status in libreoffice source package in Lunar:
  Fix Released

Bug description:
  [Impact]

   * LibreOffice 7.5.9 is the ninth and last bugfix release of the 7.5 line:
       https://wiki.documentfoundation.org/ReleasePlan/7.5#7.5.9_release

   * Version 7.5.8 is currently released in lunar. For a list of fixed bugs
  compared to 7.5.8 see the list of bugs fixed in the release candidates of
  7.5.9 (that's a total of ? bugs):
       https://wiki.documentfoundation.org/Releases/7.5.9/RC1#List_of_fixed_bugs
       https://wiki.documentfoundation.org/Releases/7.5.9/RC2#List_of_fixed_bugs

       7.5.9 RC2 is identical to the 7.5.9 release

   * Given the nature of the project, the complexity of the codebase and
  the high level of quality assurance upstream, it is preferable to SRU
  a minor release rather than cherry-pick selected bug fixes.

  [Testing]

   * Upstream testing. Bugs fixed upstream typically include
  unit/regression tests, and the release itself is extensively exercised
  (both in an automated manner and manually).

    * A recent set of upstream's automated jenkins testing can be found here:
      https://ci.libreoffice.org/job/gerrit_75/1776/

    * More information about the upstream QA testing can be found here:
      * Automated tests
        https://wiki.documentfoundation.org/QA/Testing/Automated_Tests
      * Automated UI tests
        https://wiki.documentfoundation.org/Development/UITests
      * Regression tests
        https://wiki.documentfoundation.org/QA/Testing/Regression_Tests
      * Feature tests
        https://wiki.documentfoundation.org/QA/Testing/Feature_Tests

   * Launchpad testing. The libreoffice packages include autopkgtests that
  were run and verified as passing.
      Tested build can be found at https://launchpad.net/~ricotz/+archive/ubuntu/ppa/+sourcepub/15402714/+listing-archive-extra
      * [amd64] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/amd64/libr/libreoffice/20231130_032215_7d344@/log.gz
      * [arm64] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/arm64/libr/libreoffice/20231130_110658_1779c@/log.gz
      * [armhf] ... (autopkgtests infra problems on this arch)
      * [ppc64el] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/ppc64el/libr/libreoffice/20231129_180258_07169@/log.gz
      * [riscv64] not available
      * [s390x] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/s390x/libr/libreoffice/20231130_024056_ac67e@/log.gz

   * General smoke testing of all the applications in the office suite was
  carried out by going through the manual testplan as documented by:
  https://wiki.ubuntu.com/Process/Merges/TestPlans/libreoffice

  [Regression Potential]

   * A minor release with a total of ? bug fixes always carries the
  potential for introducing regressions, even though it is a bugfix-only
  release, meaning that no new features were added, and no existing
  features were removed.

   * A combination of autopkgtests and careful smoke testing as
  described above should provide reasonable confidence that no
  regressions sneaked in.
