Re: [tdf-discuss] security related information, CVE-2021-25631
On Fri, 2021-04-16 at 12:04 +0200, William Gathoye (LibreOffice) wrote: > On 15/04/2021 21:55, Caolán McNamara wrote: > > [...] > > In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the > > 7- > > 0 series in versions prior to 7.0.5 > > [...] > > have received a CVE warning from a security analyst saying that the > LibreOffice 7.0 branch is still vulnerable to CVE-2021-25631. > > The 7.0.5 version seems not to be fixing the issue. He recommends me to > tweak the Chocolatey libreoffice-still package and upgrade all the > users to the 7.1 branch. Can you forward the details of that claim to secur...@documentfoundation.org for investigation. I certainly see the expected commit in 7.0.5 -- To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy
Re: [tdf-discuss] security related information, CVE-2021-25631
On 15/04/2021 21:55, Caolán McNamara wrote: [...] In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7- 0 series in versions prior to 7.0.5 [...] Being the maintainer of chocolatey packages related to LibreOffice, I have received a CVE warning from a security analyst saying that the LibreOffice 7.0 branch is still vulnerable to CVE-2021-25631. The 7.0.5 version seems not to be fixing the issue. He recommends me to tweak the Chocolatey libreoffice-still package and upgrade all the users to the 7.1 branch. Do you have a link to the fix being backported to the 7.0 branch so I can prove it wrong, or do you know whether a 7.0.6 version will be out to correct the issue? -- William Gathoye Hypertive volunteer for LibreOffice Proud member of The Document Foundation CM of LaMouette - French based association promoting ODF and LibreOffice Consultant Technical Marketer at Collabora DevOps Engineer at Arawa Core Committer at Mattermost -- To unsubscribe e-mail to: discuss+unsubscr...@documentfoundation.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy