libreoffice (1:5.1.6~rc2-0ubuntu1~xenial3) xenial-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
WEBSERVICE
- debian/patches/CVE-2018-6871-1.patch: limit WEBSERVICE to http[s]
protocols.
- debian/patches/CVE-2018-6871-2.patch: better handle ScDde formulas
with missing dde-link entries.
- debian/patches/CVE-2018-6871-3.patch: handle ocWebservice similarly
to ocDde.
- debian/patches/CVE-2018-6871-4.patch: CheckLinkFormulaNeedingCheck()
for .xls and .xlsx formula cells.
- debian/patches/CVE-2018-6871-5.patch: CheckLinkFormulaNeedingCheck()
for conditional format expressions
- debian/patches/CVE-2018-6871-6.patch: CheckLinkFormulaNeedingCheck()
for named expressions
- debian/patches/CVE-2018-6871-7.patch: fix for DDE link update via
Function Wizard
- CVE-2018-6871
* SECURITY UPDATE: use-after-free in SwRootFrame
- debian/patches/layout-footnote-use-after-free.diff: fix layout
footnote use-after-free in SwRootFrame.
- No CVE number.
Date: 2018-02-19 16:33:12.783974+00:00
Changed-By: Olivier Tilloy <olivier.til...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial3
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes