Summary: | <app-office/libreoffice{,-bin}-6.4.5.2: Multiple vulnerabilities (CVE-2020-{12802,12803}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mattst88 |
Priority: | Normal | Flags: | nattka:
sanity-check-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=735824 https://bugs.gentoo.org/show_bug.cgi?id=736904 |
||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
app-text/libnumbertext-1.0.6
app-text/libwps-0.4.12
app-office/libreoffice-6.4.6.2-r2 amd64 x86
app-office/libreoffice-l10n-6.4.6.2 amd64 x86
app-office/libreoffice-bin-6.4.6.2-r2 amd64 x86
app-office/libreoffice-bin-debug-6.4.6.2-r2 amd64 x86
|
Runtime testing required: | --- |
Description
Sam James
2020-06-21 00:44:28 UTC
@maintainer(s), -bin needs bump to 6.4.4.x, and then we need to stable both. I think we will use this to stabilise upcoming 6.4.5.2 (scheduled in near future). (In reply to Andreas Sturmlechner from comment #2) > I think we will use this to stabilise upcoming 6.4.5.2 (scheduled in near > future). ping ping Did you mean to add CC-ARCHES here? You suggested handling this bug at the same time as bug 735824 but you only added CC-ARCHES to one. ALSO: PLEASE STOP DOING THESE STABILIZATIONS IN SEPARATE BUGS No, libreoffice-bin was not ready and I was not going to wait forever. No need for capitals at all. This is super frustrating and this is not the first time this has happened. What did we gain by stabilizing poppler a few days ahead of libreoffice? I don't know how many more days it will take but we can wait a few weeks more if you insist. Frankly, I don't think building LO is a massive problem these days and IUSE="pdfimport" is not enabled by default. Unable to check for sanity:
> no match for package: app-office/libreoffice-6.4.6.2
All sanity-check issues have been resolved Sorry about the long delay. libreoffice-bin bumped. Sanity check failed:
> app-office/libreoffice-bin-6.4.6.2-r1
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=sys-libs/glibc-2.31
Sanity check failed:
> app-office/libreoffice-bin-6.4.3.2
> rdepend amd64 exp profile default/linux/amd64/17.0/musl (14 total)
> >=sys-libs/glibc-2.30
> rdepend amd64 exp profile default/linux/amd64/17.0/no-multilib/prefix/kernel-2.6.16+ (4 total)
> >=sys-libs/glibc-2.30
> media-libs/mesa[egl]
> rdepend amd64 exp profile default/linux/amd64/17.0/uclibc (8 total)
> >=dev-libs/boost-1.72.0:=[nls]
> >=sys-libs/glibc-2.30
> app-office/libreoffice-bin-6.4.6.2-r1
> rdepend amd64 exp profile default/linux/amd64/17.0/musl (14 total)
> >=sys-libs/glibc-2.31
> rdepend amd64 exp profile default/linux/amd64/17.0/no-multilib/prefix/kernel-2.6.16+ (4 total)
> >=sys-libs/glibc-2.31
> media-libs/mesa[egl]
> rdepend amd64 exp profile default/linux/amd64/17.0/uclibc (8 total)
> >=dev-libs/boost-1.72.0:=[nls]
> >=sys-libs/glibc-2.31
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=sys-libs/glibc-2.31
> app-office/libreoffice-6.4.3.2
> depend amd64 exp profile default/linux/amd64/17.0/no-multilib/prefix/kernel-2.6.16+ (4 total)
> media-libs/mesa[egl]
> depend amd64 exp profile default/linux/amd64/17.0/uclibc (8 total)
> >=dev-libs/boost-1.72.0:=[nls]
> depend amd64 exp profile prefix/linux/amd64 (4 total)
> >=dev-db/postgresql-9.0:*[kerberos]
> dev-lang/python:3.6[threads(+),xml]
> rdepend amd64 exp profile default/linux/amd64/17.0/no-multilib/prefix/kernel-2.6.16+ (4 total)
> media-libs/mesa[egl]
> rdepend amd64 exp profile default/linux/amd64/17.0/uclibc (8 total)
> >=dev-libs/boost-1.72.0:=[nls]
> rdepend amd64 exp profile prefix/linux/amd64 (4 total)
> >=dev-db/postgresql-9.0:*[kerberos]
> dev-lang/python:3.6[threads(+),xml]
> app-office/libreoffice-6.4.6.2-r1
> depend amd64 exp profile default/linux/amd64/17.0/no-multilib/prefix/kernel-2.6.16+ (4 total)
> media-libs/mesa[egl]
> depend amd64 exp profile default/linux/amd64/17.0/uclibc (8 total)
> >=dev-libs/boost-1.72.0:=[nls]
> depend amd64 exp profile prefix/linux/amd64 (4 total)
> >=dev-db/postgresql-9.0:*[kerberos]
> dev-lang/python:3.6[threads(+),xml]
> rdepend amd64 exp profile default/linux/amd64/17.0/no-multilib/prefix/kernel-2.6.16+ (4 total)
> media-libs/mesa[egl]
> rdepend amd64 exp profile default/linux/amd64/17.0/uclibc (8 total)
> >=dev-libs/boost-1.72.0:=[nls]
> rdepend amd64 exp profile prefix/linux/amd64 (4 total)
> >=dev-db/postgresql-9.0:*[kerberos]
> dev-lang/python:3.6[threads(+),xml]
Sanity check failed:
> app-office/libreoffice-bin-6.4.6.2-r1
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (1 total)
> >=sys-libs/glibc-2.31
Sanity check failed:
> app-office/libreoffice-bin-debug-6.4.3.2
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (2 total)
> =app-office/libreoffice-bin-6.4.3.2[gnome,java,kde]
> app-office/libreoffice-bin-debug-6.4.6.2-r1
> rdepend amd64 dev profile default/linux/amd64/17.0/x32 (2 total)
> =app-office/libreoffice-bin-6.4.6.2-r1[gnome,java,kde]
Need -r2 to fix the blocker. Please wait for -bin ... Unable to check for sanity:
> no match for package: app-office/libreoffice-bin-6.4.6.2-r2
arm64 done amd64 done x86 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0d4acccad2600018982de94c0bc1acd20a83a224 commit 0d4acccad2600018982de94c0bc1acd20a83a224 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-10-18 15:33:27 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-10-18 15:44:15 +0000 app-office/libreoffice-bin-debug: Cleanup vulnerable 6.4.3.2 Bug: https://bugs.gentoo.org/728964 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice-bin-debug/Manifest | 12 --- .../libreoffice-bin-debug-6.4.3.2.ebuild | 87 ---------------------- 2 files changed, 99 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5e24dd6faf950f372c48e7fc5d23ea5f1cae24e commit b5e24dd6faf950f372c48e7fc5d23ea5f1cae24e Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-10-18 15:33:23 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-10-18 15:44:15 +0000 app-office/libreoffice-bin: Cleanup vulnerable 6.4.3.2 Bug: https://bugs.gentoo.org/728964 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice-bin/Manifest | 12 - .../libreoffice-bin/libreoffice-bin-6.4.3.2.ebuild | 252 --------------------- 2 files changed, 264 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e01a518767238c5bb27c09d9c9022e8439f0f329 commit e01a518767238c5bb27c09d9c9022e8439f0f329 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-10-18 15:33:10 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-10-18 15:44:14 +0000 app-office/libreoffice-l10n: Cleanup vulnerable 6.4.3.2 Bug: https://bugs.gentoo.org/728964 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice-l10n/Manifest | 168 --------------------- .../libreoffice-l10n-6.4.3.2.ebuild | 91 ----------- 2 files changed, 259 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=29dba40a563b54381db7114c75187ebcae326272 commit 29dba40a563b54381db7114c75187ebcae326272 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2020-10-18 15:33:04 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2020-10-18 15:44:14 +0000 app-office/libreoffice: Cleanup vulnerable 6.4.3.2 Bug: https://bugs.gentoo.org/728964 Package-Manager: Portage-3.0.8, Repoman-3.0.1 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice/Manifest | 2 - app-office/libreoffice/libreoffice-6.4.3.2.ebuild | 551 ---------------------- 2 files changed, 553 deletions(-) Nothing to do for @office here anymore Unable to check for sanity:
> no match for package: app-office/libreoffice-6.4.6.2-r2
|