From: Raspbian automatic forward porter <root@raspbian.org>
Date: Thu, 15 Aug 2024 16:46:54 +0000 (+0100)
Subject: Merge version 1:7.0.4-4+rpi1+deb11u6 and 1:7.0.4-4+deb11u10 to produce 1:7.0.4-4... 
X-Git-Tag: raspbian/1%7.0.4-4+rpi1+deb11u10
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=c7fc5aa850d6b748f45b2c52a07774180145462d;p=libreoffice.git

Merge version 1:7.0.4-4+rpi1+deb11u6 and 1:7.0.4-4+deb11u10 to produce 1:7.0.4-4+rpi1+deb11u10
---

793727a87640f92cae261e7633f7319e28794b60
diff --cc debian/changelog
index fc62192b5eb,b9c66d93e49..640013a920a
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,12 -1,44 +1,54 @@@
- libreoffice (1:7.0.4-4+rpi1+deb11u6) bullseye-staging; urgency=medium
++libreoffice (1:7.0.4-4+rpi1+deb11u10) bullseye-staging; urgency=medium
 +
 +  [changes brought forward from 1:6.0.2-1+rpi2 by Peter Michael Green <plugwash@raspbian.org> at Fri, 27 Apr 2018 02:14:18 +0000]
 +  * Disable testsuite.
 +
 +  [changes introduced in 1:5.4.0-1+rpi1 by Peter Michael Green]
 +  * Disable pdfium, it fails to build for armv6
 +
-  -- Raspbian forward porter <root@raspbian.org>  Fri, 12 May 2023 10:01:41 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Thu, 15 Aug 2024 16:46:51 +0000
++
+ libreoffice (1:7.0.4-4+deb11u10) bullseye-security; urgency=medium
+ 
+   * remove-ability-to-trust-not-validated-macro-signatures-in-high-security.diff:
+     as name says (CVE-2024-6472)
+ 
+  -- Rene Engelhard <rene@debian.org>  Thu, 01 Aug 2024 14:16:43 +0200
+ 
+ libreoffice (1:7.0.4-4+deb11u9) bullseye-security; urgency=high
+ 
+   * debian/patches/add-notify-for-script-use.diff: add fix for
+     CVE-2024-3044 ("Graphic on-click binding allows unchecked script
+     execution")
+ 
+  -- Rene Engelhard <rene@debian.org>  Mon, 01 Apr 2024 11:06:03 +0200
+ 
+ libreoffice (1:7.0.4-4+deb11u8) bullseye-security; urgency=high
+ 
+   * debian/patches/escape-url-passed-to-gstreamer.diff: add from
+     distro/lhm/libreoffice-6-4+backports upstream branch; fixes CVE-2023-6185: 
+     "Improper input validation enabling arbitrary Gstreamer pipeline injection"
+   * debian/patches/improve-macro-checks.diff: add patch which is needed for
+     the following to apply and makes sense to have anyway
+   * debian/patches/floating-frame-targets-unneeded-protocols.diff,
+     debian/patches/warn-about-exotic-protocols-as-well.diff,
+     debian/patches/ignore-LO-special-purpose-hyperlinks-per-default.diff,
+     debian/patches/reuse-AllowedLinkProtocolFromDocument-{1,2}.diff:
+     add from distro/lhm/libreoffice-6-4+backports upstream branch; fixes
+     CVE-2023-6186: "Link targets allow arbitrary script execution"
+   * debian/patches/work-around-expired-certificiate-in-test.diff: add from
+     upstream https://gerrit.libreoffice.org/c/core/+/159909
+ 
+  -- Rene Engelhard <rene@debian.org>  Tue, 28 Nov 2023 20:36:58 +0100
+ 
+ libreoffice (1:7.0.4-4+deb11u7) bullseye-security; urgency=high
+ 
+   * debian/patches/sc-stack-parameter-count.diff: fix CVE-2023-0950
+     ("Array Index UnderFlow in Calc Formula Parsing")
+   * debian/patches/CVE-2023-2255.diff:
+     fix CVE-2023-2255 ("Remote documents loaded without prompt via IFrame")
+ 
+  -- Rene Engelhard <rene@debian.org>  Wed, 24 May 2023 20:05:03 +0200
  
  libreoffice (1:7.0.4-4+deb11u6) bullseye; urgency=medium