[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
This bug was fixed in the package libreoffice-l10n - 1:5.4.5-0ubuntu0.17.10.1 --- libreoffice-l10n (1:5.4.5-0ubuntu0.17.10.1) artful; urgency=medium * New upstream release (LP: #1748999) - fixes CVE-2018-6871: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula * debian/patches/apparmor-senddoc-fixes.patch: apparmor fixes for the senddoc profile (LP: #1748895) -- Olivier TilloyTue, 13 Feb 2018 11:25:01 +0100 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice-l10n package in Ubuntu: Fix Released Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
This bug was fixed in the package libreoffice - 1:5.4.5-0ubuntu0.17.10.1 --- libreoffice (1:5.4.5-0ubuntu0.17.10.1) artful; urgency=medium * New upstream release (LP: #1748999) - fixes CVE-2018-6871: Remote arbitrary file disclosure vulnerability via WEBSERVICE formula * debian/patches/apparmor-senddoc-fixes.patch: apparmor fixes for the senddoc profile (LP: #1748895) -- Olivier TilloyTue, 13 Feb 2018 11:25:01 +0100 ** Changed in: libreoffice (Ubuntu) Status: Fix Committed => Fix Released ** Changed in: libreoffice-l10n (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice-l10n package in Ubuntu: Fix Released Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
Yes the CVE affects xenial and trusty, too. Backports of the patch are being prepared for those, this bug targets 5.4.5 on artful only. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice-l10n package in Ubuntu: Fix Committed Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
It seems this also affects Xenial (16.04 LTS); see also the duplicate bug #1748889. Is there a chance to get this bug also nominated for and fixed in Xenial? Or should a separate bug report deal with Xenial? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice-l10n package in Ubuntu: Fix Committed Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice-l10n package in Ubuntu: Fix Committed Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-6871 -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice-l10n in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice-l10n package in Ubuntu: Fix Committed Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
** Changed in: libreoffice (Ubuntu) Status: Confirmed => Fix Committed ** Changed in: libreoffice (Ubuntu) Importance: Undecided => High ** Also affects: libreoffice-l10n (Ubuntu) Importance: Undecided Status: New ** Changed in: libreoffice-l10n (Ubuntu) Status: New => Fix Committed ** Changed in: libreoffice-l10n (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice-l10n package in Ubuntu: Fix Committed Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
[Desktop-packages] [Bug 1748999] Re: [SRU] libreoffice 5.4.5 for artful
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libreoffice (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/1748999 Title: [SRU] libreoffice 5.4.5 for artful Status in libreoffice package in Ubuntu: Fix Committed Status in libreoffice-l10n package in Ubuntu: Fix Committed Bug description: [Impact] * LibreOffice 5.4.5 is the fifth bugfix release of the still 5.4 line. Version 5.4.4 is currently in artful-proposed. For a list of fixed bugs compared to 5.4.4 see the list of bugs fixed in the RC1: https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes. * Libreoffice 5.4.5 fixes CVE-2018-6871 [Test Case] * CVE-2018-6871 should be verified to be fixed * No other specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release usually goes through two release candidates, but 5.4.5 was initially unscheduled and it had a shortened cycle (only a single RC). * The libreoffice packages include autopkgtests, those should be run and verified to pass. * General smoke testing of all the applications in the office suite should be carried out. [Regression Potential] * A minor release with a total of 69 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed. * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1748999/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp