From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 21 Oct 2021 04:23:28 +0000 (+0100)
Subject: Merge version 1:7.0.4-4+rpi1 and 1:7.0.4-4+deb11u1 to produce 1:7.0.4-4+rpi1+deb11u1
X-Git-Tag: raspbian/1%7.0.4-4+rpi1+deb11u1
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=0081e111859c9f083c0de45b076ef61a650479ff;p=libreoffice.git

Merge version 1:7.0.4-4+rpi1 and 1:7.0.4-4+deb11u1 to produce 1:7.0.4-4+rpi1+deb11u1
---

cfb520a4d977b3c9e4eee6f219f343ccba1533c0
diff --cc debian/changelog
index 8cc5d44abb5,bdd1d14907f..83e35ca8958
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,12 -1,17 +1,27 @@@
- libreoffice (1:7.0.4-4+rpi1) bullseye-staging; urgency=medium
++libreoffice (1:7.0.4-4+rpi1+deb11u1) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 1:6.0.2-1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Fri, 27 Apr 2018 02:14:18 +0000]
 +  * Disable testsuite.
 +
 +  [changes introduced in 1:5.4.0-1+rpi1 by Peter Michael Green]
 +  * Disable pdfium, it fails to build for armv6
 +
-  -- Raspbian forward porter <root@raspbian.org>  Thu, 27 May 2021 20:37:32 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 21 Oct 2021 04:23:26 +0000
++
+ libreoffice (1:7.0.4-4+deb11u1) bullseye-security; urgency=high
+ 
+   * backport fixes from libreoffice-7-0 branch:
+     - xmlsecurity-replace-XSecParser-implementation.diff 
+     - xmlsecurity-improve-handling-of-multiple-X509Data-elements.diff: 
+     (fixes CVE-2021-25633 "Double Certificate Attack")
+     - xmlsecurity-XSecParser-confused-about-multiple-timestamps.diff,
+       xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff: 
+     (fixes CVE-2021-25634 "Timestamp Manipulation with Signature Wrapping")
+     - default-to-CertificateValidity::INVALID.diff:
+     (fixes CVE-2021-25635 "Content Manipulation with Certificate Validation
+      Attack")
+ 
+  -- Rene Engelhard <rene@debian.org>  Sun, 10 Oct 2021 12:37:28 +0200
  
  libreoffice (1:7.0.4-4) unstable; urgency=medium