榎です CVE-2024-3044の脆弱性修正について転送します。 7.6.7 または 24.2.3で修正されているとのことです。
---------- Forwarded message --------- From: Caolán McNamara <[email protected]> Date: 2024年5月15日(水) 5:27 Subject: [tdf-discuss] security related information: CVE-2024-3044 To: <[email protected]> tl;dr Upgrade to 7.6.7 or 24.2.3 --- CVE-2024-3044: Graphic on-click binding allows unchecked script execution Fixed in: LibreOffice 7.6.7/24.2.3 Description: LibreOffice supports binding scripts to click events on graphics. In affected version of LibreOffice there are scenarios where built-in scripts can be executed without warning if the user clicks on a document with such on-click handlers. In early versions of LibreOffice these scripts were deemed trusted, but are now deemed untrusted. In the fixed versions the user's explicit macro execution permissions for the document, determined at load time, are used for these handlers. Users are recommended to upgrade to 7.6.7 or 24.2.3 to avoid this flaw. Thanks to Amel Bouziane-Leblond for for finding and reporting this issue. -- To unsubscribe e-mail to: [email protected] Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy -- Shinji Enoki [email protected] -- Unsubscribe instructions: E-mail to [email protected] Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.libreoffice.org/ja/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy
