The following commit has been merged in the ubuntu-precise-3.5 branch:
commit 10e447eec3c13a2f35286fab0a001884e4136c6b
Author: Bjoern Michaelsen <[email protected]>
Date: Thu Jan 10 00:13:22 2013 +0100
release to proposed
diff --git a/changelog b/changelog
index 38afa4b..84c2529 100644
--- a/changelog
+++ b/changelog
@@ -1,5 +1,6 @@
-libreoffice (1:3.5.7-0ubuntu3) UNRELEASED; urgency=low
+libreoffice (1:3.5.7-0ubuntu3) precise-proposed; urgency=low
+ * remove upstreamed security fix for CVE-2012-2665
* backport SdModule::GetSdOptions: Process
/usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV)
(LP: #1097323)
* backport crash when scrolling in multiselection in slide sorter (LP:
#1097360)
* backport multi-threaded XIOError segv (LP: #1097370)
@@ -24,6 +25,21 @@ libreoffice (1:3.5.7-0ubuntu3) UNRELEASED; urgency=low
-- Bjoern Michaelsen <[email protected]> Tue, 08 Jan 2013
17:09:36 +0100
+libreoffice (1:3.5.4-0ubuntu1.1) precise-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary code execution via XML manifest encryption
+ tag parsing code
+ - debian/patches/CVE-2012-2665.diff: merge base64 encoders/decoders,
+ check key size, unwind manifest xml parser and follow tag hierarchy
+ model, count and order of receipt of properties doesn't matter.
+ - debian/patches/CVE-2012-2665-binfilter.diff: use sax::Converter::
+ base64 code instead, ThreeByteToFourByte and friends are no longer in
+ use.
+ - patches taken from Debian 1:3.5.4-7 package.
+ - CVE-2012-2665
+
+ -- Marc Deslauriers <[email protected]> Tue, 07 Aug 2012 08:30:47
-0400
+
libreoffice (1:3.5.7-0ubuntu2) precise-proposed; urgency=low
[Nobuto MURATA]
--
LibreOffice packaging repository
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
Archive: http://lists.debian.org/[email protected]
