[Git][security-tracker-team/security-tracker][master] update status for libreoffice

Moritz Muehlenhoff jmm at debian.org
Wed May 2 14:33:46 BST 2018


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f7ce7578 by Moritz Muehlenhoff at 2018-05-02T15:33:22+02:00
update status for libreoffice

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -149,9 +149,13 @@ CVE-2018-10585
 CVE-2018-10584
 	RESERVED
 CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...)
-	- libreoffice <undetermined>
+	- libreoffice <unfixed> (unimportant)
 	NOTE: http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
-	TODO: check
+	NOTE: This is the generic behaviour of accessing remote SMB shares and not limited to
+	NOTE: Libreoffice. This can e.g. be addressed by rejecting outgoing SMB connections
+	NOTE: from the local network
+	NOTE: The following commit adds this class of access to the list of trusted locations:
+	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e	
 CVE-2018-10582
 	RESERVED
 CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7ce75786a9a18f433e166a8cf4df83ecdde562f

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7ce75786a9a18f433e166a8cf4df83ecdde562f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180502/6f1e2e99/attachment.html>


More information about the debian-security-tracker-commits mailing list