| Summary: | <app-office/libreoffice-7.3.6.2 <app-office/libreoffice-bin-7.3.6.2: arbitrary script execution via crafted link | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | office |
| Priority: | Normal | Keywords: | PullRequest |
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.libreoffice.org/about-us/security/advisories/CVE-2022-3140 | ||
| See Also: | https://github.com/gentoo/gentoo/pull/27755 | ||
| Whiteboard: | A2 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 873469, 876875 | ||
| Bug Blocks: | |||
|
Description
John Helmert III
2022-10-12 15:05:34 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a4787e7f0c1006fe08cbd67d5a3d484b2b25f78 commit 4a4787e7f0c1006fe08cbd67d5a3d484b2b25f78 Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-10-12 17:57:22 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-10-12 18:22:16 +0000 app-office/libreoffice: unkeyword 7.3.4.2-r1 Bug: https://bugs.gentoo.org/876869 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice/libreoffice-7.3.4.2-r1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Thanks, I always forget to add -bin to LO summaries.. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7416889d174e561a98c2ea5a7a2a47f5c96b5bdc commit 7416889d174e561a98c2ea5a7a2a47f5c96b5bdc Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-11-02 07:53:00 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-11-02 08:36:59 +0000 app-office/libreoffice-bin: 7.3.4.2 security cleanup Bug: https://bugs.gentoo.org/876869 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice-bin/Manifest | 9 - .../libreoffice-bin/libreoffice-bin-7.3.4.2.ebuild | 257 --------------------- 2 files changed, 266 deletions(-) Please cleanup, thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26ce497268a98584860d7908496b73c85cbb40fa commit 26ce497268a98584860d7908496b73c85cbb40fa Author: Andreas Sturmlechner <asturm@gentoo.org> AuthorDate: 2022-11-03 08:36:22 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2022-11-03 08:39:42 +0000 app-office/libreoffice: cleanup vulnerable 7.3.4.2-r1 Bug: https://bugs.gentoo.org/876869 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> app-office/libreoffice/Manifest | 3 - ...Add-missing-nSize-set-for-Poppler-22.04.0.patch | 31 - ...t-FreeBSD-patch-for-Poppler-22.04.0-build.patch | 78 --- .../libreoffice/libreoffice-7.3.4.2-r1.ebuild | 665 --------------------- 4 files changed, 777 deletions(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=d266b4cc9f82b89875aad5caa0ee17368cbcdebf commit d266b4cc9f82b89875aad5caa0ee17368cbcdebf Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-12-19 02:01:40 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-12-19 02:04:28 +0000 [ GLSA 202212-04 ] LibreOffice: Arbitrary Code Execution Bug: https://bugs.gentoo.org/876869 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202212-04.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) GLSA released, all done. |