[Git][security-tracker-team/security-tracker][master] libreoffice DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Sat Oct 16 20:20:31 BST 2021
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
4b349350 by Moritz Mühlenhoff at 2021-10-16T21:19:50+02:00
libreoffice DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -42607,6 +42607,7 @@ CVE-2021-25635
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1)
CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
- libreoffice 1:7.2.0-2
+ [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport)
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25634
NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/2
NOTE: XAdES/xades:SigningTime support introduced in 5.3, but pre-requisite for CVE-2021-25633/25634 also introduces it
@@ -42619,6 +42620,7 @@ CVE-2021-25634 (LibreOffice supports digital signatures of ODF documents and mac
NOTE: Fixed by: https://github.com/LibreOffice/core/commit/b776cf1281660cf495e12824872576bb8e99d569 (7-1)
CVE-2021-25633 (LibreOffice supports digital signatures of ODF documents and macros wi ...)
- libreoffice 1:7.2.0-2
+ [buster] - libreoffice <ignored> (Risk doesn't warrant complex backport)
NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25633
NOTE: https://www.openwall.com/lists/oss-security/2021/10/11/1
NOTE: Pre-requisites (replacement for XSecParser):
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[16 Oct 2021] DSA-4988-1 libreoffice - security update
+ {CVE-2021-25633 CVE-2021-25634}
+ [bullseye] - libreoffice 1:7.0.4-4+deb11u1
[15 Oct 2021] DSA-4987-1 squashfs-tools - security update
{CVE-2021-41072}
[buster] - squashfs-tools 1:4.3-12+deb10u2
=====================================
data/dsa-needed.txt
=====================================
@@ -28,8 +28,6 @@ ffmpeg/oldstable (jmm)
--
icu
--
-libreoffice (jmm)
---
linux (carnil)
Wait until more issues have piled up, though try to regulary rebase for point
releases to more recent v4.19.y versions.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b3493501fd99045fad4003291c4ad65e4e40218
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/4b3493501fd99045fad4003291c4ad65e4e40218
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211016/3cf52a93/attachment.htm>
More information about the debian-security-tracker-commits
mailing list