This bug was fixed in the package libreoffice - 1:5.4.5-0ubuntu0.17.10.1 --------------- libreoffice (1:5.4.5-0ubuntu0.17.10.1) artful; urgency=medium
* New upstream release (LP: #1748999) - fixes CVE-2018-6871: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula * debian/patches/apparmor-senddoc-fixes.patch: apparmor fixes for the senddoc profile (LP: #1748895) -- Olivier Tilloy <olivier.til...@canonical.com> Tue, 13 Feb 2018 11:25:01 +0100 ** Changed in: libreoffice (Ubuntu) Status: Fix Committed => Fix Released ** Changed in: libreoffice-l10n (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice-l10n package in Ubuntu: Fix Released Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp