[Git][security-tracker-team/security-tracker][master] update status for libreoffice
Moritz Muehlenhoff
jmm at debian.org
Wed May 2 14:33:46 BST 2018
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f7ce7578 by Moritz Muehlenhoff at 2018-05-02T15:33:22+02:00
update status for libreoffice
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -149,9 +149,13 @@ CVE-2018-10585
CVE-2018-10584
RESERVED
CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...)
- - libreoffice <undetermined>
+ - libreoffice <unfixed> (unimportant)
NOTE: http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
- TODO: check
+ NOTE: This is the generic behaviour of accessing remote SMB shares and not limited to
+ NOTE: Libreoffice. This can e.g. be addressed by rejecting outgoing SMB connections
+ NOTE: from the local network
+ NOTE: The following commit adds this class of access to the list of trusted locations:
+ NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e
CVE-2018-10582
RESERVED
CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7ce75786a9a18f433e166a8cf4df83ecdde562f
---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/f7ce75786a9a18f433e166a8cf4df83ecdde562f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180502/6f1e2e99/attachment.html>
More information about the debian-security-tracker-commits
mailing list