From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 14 Dec 2023 17:32:46 +0000 (+0000)
Subject: Merge version 1:7.0.4-4+rpi1+deb11u6 and 1:7.0.4-4+deb11u8 to produce 1:7.0.4-4+rpi1... 
X-Git-Tag: archive/raspbian/1%7.0.4-4+rpi1+deb11u8^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=a52b3e5c91068faa8a0d2fcfa1d6bd90a65f391f;p=libreoffice.git

Merge version 1:7.0.4-4+rpi1+deb11u6 and 1:7.0.4-4+deb11u8 to produce 1:7.0.4-4+rpi1+deb11u8
---

a52b3e5c91068faa8a0d2fcfa1d6bd90a65f391f
diff --cc debian/changelog
index fc62192b5eb,e4a85395b29..19813ed579b
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,12 -1,29 +1,39 @@@
- libreoffice (1:7.0.4-4+rpi1+deb11u6) bullseye-staging; urgency=medium
++libreoffice (1:7.0.4-4+rpi1+deb11u8) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 1:6.0.2-1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Fri, 27 Apr 2018 02:14:18 +0000]
 +  * Disable testsuite.
 +
 +  [changes introduced in 1:5.4.0-1+rpi1 by Peter Michael Green]
 +  * Disable pdfium, it fails to build for armv6
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 12 May 2023 10:01:41 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 14 Dec 2023 17:32:44 +0000
++
+ libreoffice (1:7.0.4-4+deb11u8) bullseye-security; urgency=high
+ 
+   * debian/patches/escape-url-passed-to-gstreamer.diff: add from
+     distro/lhm/libreoffice-6-4+backports upstream branch; fixes CVE-2023-6185: 
+     "Improper input validation enabling arbitrary Gstreamer pipeline injection"
+   * debian/patches/improve-macro-checks.diff: add patch which is needed for
+     the following to apply and makes sense to have anyway
+   * debian/patches/floating-frame-targets-unneeded-protocols.diff,
+     debian/patches/warn-about-exotic-protocols-as-well.diff,
+     debian/patches/ignore-LO-special-purpose-hyperlinks-per-default.diff,
+     debian/patches/reuse-AllowedLinkProtocolFromDocument-{1,2}.diff:
+     add from distro/lhm/libreoffice-6-4+backports upstream branch; fixes
+     CVE-2023-6186: "Link targets allow arbitrary script execution"
+   * debian/patches/work-around-expired-certificiate-in-test.diff: add from
+     upstream https://gerrit.libreoffice.org/c/core/+/159909
+ 
+  -- Rene Engelhard <rene@debian.org>  Tue, 28 Nov 2023 20:36:58 +0100
+ 
+ libreoffice (1:7.0.4-4+deb11u7) bullseye-security; urgency=high
+ 
+   * debian/patches/sc-stack-parameter-count.diff: fix CVE-2023-0950
+     ("Array Index UnderFlow in Calc Formula Parsing")
+   * debian/patches/CVE-2023-2255.diff:
+     fix CVE-2023-2255 ("Remote documents loaded without prompt via IFrame")
+ 
+  -- Rene Engelhard <rene@debian.org>  Wed, 24 May 2023 20:05:03 +0200
  
  libreoffice (1:7.0.4-4+deb11u6) bullseye; urgency=medium