From: Raspbian automatic forward porter Date: Fri, 15 Sep 2023 01:32:07 +0000 (+0100) Subject: Merge version 1:6.1.5-3+rpi1+deb10u8 and 1:6.1.5-3+deb10u10 to produce 1:6.1.5-3... X-Git-Tag: archive/raspbian/1%6.1.5-3+rpi1+deb10u10^0 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=f1ee2bb2420b94ad548a397678c38b5eae5c446f;p=libreoffice.git Merge version 1:6.1.5-3+rpi1+deb10u8 and 1:6.1.5-3+deb10u10 to produce 1:6.1.5-3+rpi1+deb10u10 --- f1ee2bb2420b94ad548a397678c38b5eae5c446f diff --cc debian/changelog index 68bbc39d8cc,7acf546a834..7dfdaad142a --- a/debian/changelog +++ b/debian/changelog @@@ -1,12 -1,35 +1,45 @@@ - libreoffice (1:6.1.5-3+rpi1+deb10u8) buster-staging; urgency=medium ++libreoffice (1:6.1.5-3+rpi1+deb10u10) buster-staging; urgency=medium + + [changes introduced in 1:5.4.0-1+rpi1 by Peter Michael Green] + * Disable pdfium, it fails to build for armv6 + + [changes brought forward from 1:6.0.2-1+rpi2 by Peter Michael Green at Fri, 27 Apr 2018 02:14:18 +0000] + * Disable testsuite. + - -- Raspbian forward porter Tue, 28 Mar 2023 06:26:48 +0000 ++ -- Raspbian forward porter Fri, 15 Sep 2023 01:32:05 +0000 ++ + libreoffice (1:6.1.5-3+deb10u10) buster-security; urgency=medium + + * CVE-2023-2255: Improper access control in editor components of + LibreOffice allowed an attacker to craft + a document that would cause external links to be loaded without prompt. + In the affected versions of LibreOffice documents + that used "floating frames" + linked to external files, would load the contents of those frames + without prompting the user for permission to do so. + This was inconsistent with the treatment of other linked + content in LibreOffice. + + -- Bastien Roucariès Sat, 12 Aug 2023 19:58:29 +0000 + + libreoffice (1:6.1.5-3+deb10u9) buster-security; urgency=medium + + * Team upload by the LTS team + * CVE-2022-3874: Libreoffice may be configured to add an empty + entry to the Java class path. + This may lead to run arbitrary Java code from the + current directory. + * CVE-2023-0950: Improper Validation of Array Index vulnerability in the + spreadsheet component allows an attacker to craft a + spreadsheet document that will cause an array index + underflow when loaded. In the affected versions of LibreOffice + certain malformed spreadsheet formulas, such as AGGREGATE, + could be created with less parameters passed to the formula + interpreter than it expected, leading to an array index + underflow, in which case there is a risk that arbitrary + code could be executed. + + -- Bastien Roucariès Fri, 11 Aug 2023 19:09:29 +0000 libreoffice (1:6.1.5-3+deb10u8) buster-security; urgency=medium