*** This bug is a security vulnerability *** Public security bug reported:
CVE-2024-7788: Signatures in "repair mode" should not be trusted https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/ https://gerrit.libreoffice.org/c/core/+/169883 https://gerrit.libreoffice.org/c/core/+/170028 https://ubuntu.com/security/CVE-2024-7788 * Noble 24.04: Fix is included in 24.2.5 SRU - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2073054 * Jammy 22.04: Backport of patch to 7.3.7 required - https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/jammy-7.3 * Focal 20.04: Backport of patch to 6.4.7 required - https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/focal-6.4 ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: libreoffice (Ubuntu Focal) Importance: Medium Assignee: Rico Tzschichholz (ricotz) Status: In Progress ** Affects: libreoffice (Ubuntu Jammy) Importance: Medium Assignee: Rico Tzschichholz (ricotz) Status: In Progress ** Affects: libreoffice (Ubuntu Noble) Importance: Undecided Status: Fix Released ** Also affects: libreoffice (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: libreoffice (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: libreoffice (Ubuntu Jammy) Importance: Undecided Status: New ** Changed in: libreoffice (Ubuntu) Status: New => Fix Released ** Changed in: libreoffice (Ubuntu Noble) Status: New => Fix Released ** Changed in: libreoffice (Ubuntu Jammy) Status: New => In Progress ** Changed in: libreoffice (Ubuntu Focal) Status: New => In Progress ** Changed in: libreoffice (Ubuntu Focal) Importance: Undecided => Medium ** Changed in: libreoffice (Ubuntu Jammy) Importance: Undecided => Medium ** Changed in: libreoffice (Ubuntu Focal) Assignee: (unassigned) => Rico Tzschichholz (ricotz) ** Changed in: libreoffice (Ubuntu Jammy) Assignee: (unassigned) => Rico Tzschichholz (ricotz) -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/2081078 Title: CVE-2024-7788 Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice source package in Focal: In Progress Status in libreoffice source package in Jammy: In Progress Status in libreoffice source package in Noble: Fix Released Bug description: CVE-2024-7788: Signatures in "repair mode" should not be trusted https://www.libreoffice.org/about-us/security/advisories/cve-2024-7788/ https://gerrit.libreoffice.org/c/core/+/169883 https://gerrit.libreoffice.org/c/core/+/170028 https://ubuntu.com/security/CVE-2024-7788 * Noble 24.04: Fix is included in 24.2.5 SRU - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2073054 * Jammy 22.04: Backport of patch to 7.3.7 required - https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/jammy-7.3 * Focal 20.04: Backport of patch to 6.4.7 required - https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/focal-6.4 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2081078/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
