libreoffice (1:5.1.6~rc2-0ubuntu1~xenial9) xenial-security; urgency=medium
* SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script
execution
- debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban scripts
with "LibreLogo" anywhere in its path.
- CVE-2019-9850
* SECURITY UPDATE: LibreLogo global-event script execution
- debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script
executions
by expanding check to global events.
- CVE-2019-9851
* SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location
check
- debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
scriptURI2StorageUri() are percent-encoded.
- CVE-2019-9852
Date: 2019-08-15 12:33:13.297907+00:00
Changed-By: Marcus Tomlinson <marcus.tomlin...@canonical.com>
Signed-By: Ubuntu Archive Robot
<cjwatson+ubuntu-archive-ro...@chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/libreoffice/1:5.1.6~rc2-0ubuntu1~xenial9
Sorry, changesfile not available.
--
Xenial-changes mailing list
Xenial-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/xenial-changes