From http://www.libreoffice.org/about-us/security/advisories/ : Fixed in LibreOffice 4.4.6/5.0.0 CVE-2015-5214 DOC Bookmark Status Memory Corruption Fixed in LibreOffice 4.4.5/5.0.0 CVE-2015-4551 Arbitrary file disclosure in Calc and Writer CVE-2015-5212 ODF Integer Underflow (PrinterSetup Length) CVE-2015-5213 DOC piecetable Integer Overflow
We're going for 5.0.3.2 as stabilization target (which was bumped today; I guess we can wait for a few days here to make sure nothing's obviously wrong with it). [Note that the crashy gtk3 frontend will be stable.masked.] I'm preparing the binary packages.
Arches please test and stabilize, target "amd64 x86" =app-office/libreoffice-5.0.3.2 =app-office/libreoffice-l10n-5.0.3.2 =app-office/libreoffice-bin-5.0.3.2 =app-office/libreoffice-bin-debug-5.0.3.2 =app-text/libmwaw-0.3.6 =app-text/libwps-0.4.2 Please especially do some runtime testing (i.e. start the program and play with it) of the binary package app-office/libreoffice-bin. Note, you can disregard any bugs about crashy behaviour with USE=gtk3; the gtk3 frontend is indeed unstable and the useflag has been stable.masked for libreoffice-5.[01]*
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
All vulnerable versions removed. As detailed in comment #0, 4.4.6 can stay. (In reply to Agostino Sarubbo from comment #0) > From http://www.libreoffice.org/about-us/security/advisories/ : > > > Fixed in LibreOffice 4.4.6/5.0.0 > CVE-2015-5214 DOC Bookmark Status Memory Corruption > > Fixed in LibreOffice 4.4.5/5.0.0 > CVE-2015-4551 Arbitrary file disclosure in Calc and Writer > CVE-2015-5212 ODF Integer Underflow (PrinterSetup Length) > CVE-2015-5213 DOC piecetable Integer Overflow
Added to an existing GLSA Request.
app-office/openoffice-bin was missed. @maintainer(s), please clean the vulnerable version from the tree: =app-office/openoffice-bin-4.1.1
This issue was resolved and addressed in GLSA 201611-03 at https://security.gentoo.org/glsa/201611-03 by GLSA coordinator Aaron Bauman (b-man).