[Git][security-tracker-team/security-tracker][master] CVE-2024-12426/libreoffice

Bastien Roucariès (@rouca) rouca at debian.org
Mon Jan 13 20:32:43 GMT 2025 


Bastien Roucariès pushed to branch master at Debian Security Tracker / security-tracker


Commits:
396b7590 by Bastien Roucariès at 2025-01-13T20:31:48+00:00
CVE-2024-12426/libreoffice

Add bug according to upstream, commit and backport commit

All version are affected see backport

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1958,7 +1958,12 @@ CVE-2024-12429 (An attacker who successfully exploited these vulnerabilities cou
 CVE-2024-12426 (Exposure of Environmental Variables and arbitrary INI file values to a ...)
 	- libreoffice 4:24.8.4-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426
-	TODO: check, said to affect only 24.8 upstream onwards
+	NOTE: [1/2] https://gerrit.libreoffice.org/c/core/+/176797
+	NOTE: [2/2] https://gerrit.libreoffice.org/c/core/+/177987
+	NOTE: Fixed by commit [1/2] https://git.libreoffice.org/core/+/d6c89af2598e866aa9cb4fa3600691fb558befdb%5E%21 (libreoffice-24.8.4.1)
+	NOTE: Fixed by commit [2/2] https://git.libreoffice.org/core/+/b63aa51c55244ee67410201fa5e7c003427b1009%5E%21 (libreoffice-24.8.4.1)
+	NOTE: Fixed by commit [1/2] https://github.com/LibreOffice/core/commit/a22d185ef7d141676e8a4db15471bfe6d283cb8c (distro/cib/libreoffice-6-4)
+	NOTE: Fixed by commit [2/2] https://github.com/LibreOffice/core/commit/4915889ab56bc946264c257391ba6eeedfdfad95 (distro/cib/libreoffice-6-4)
 CVE-2024-12425 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
 	- libreoffice 4:24.8.4-1
 	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/396b759027deac8e8b6b7f4c0b1151dc4e119922

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/396b759027deac8e8b6b7f4c0b1151dc4e119922
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250113/9721332a/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list