From http://www.libreoffice.org/about-us/security/advisories/ :
Fixed in LibreOffice 4.4.6/5.0.0
CVE-2015-5214 DOC Bookmark Status Memory Corruption
Fixed in LibreOffice 4.4.5/5.0.0
CVE-2015-4551 Arbitrary file disclosure in Calc and Writer
CVE-2015-5212 ODF Integer Underflow (PrinterSetup Length)
CVE-2015-5213 DOC piecetable Integer Overflow
We're going for 22.214.171.124 as stabilization target (which was bumped today; I guess we can wait for a few days here to make sure nothing's obviously wrong with it).
[Note that the crashy gtk3 frontend will be stable.masked.]
I'm preparing the binary packages.
Arches please test and stabilize, target "amd64 x86"
Please especially do some runtime testing (i.e. start the program and play with it) of the binary package app-office/libreoffice-bin.
Note, you can disregard any bugs about crashy behaviour with USE=gtk3; the gtk3 frontend is indeed unstable and the useflag has been stable.masked for libreoffice-5.*
Maintainer(s), please clean up.
Security, please add it to the existing request, or file a new one.
All vulnerable versions removed. As detailed in comment #0, 4.4.6 can stay.
(In reply to Agostino Sarubbo from comment #0)
> From http://www.libreoffice.org/about-us/security/advisories/ :
> Fixed in LibreOffice 4.4.6/5.0.0
> CVE-2015-5214 DOC Bookmark Status Memory Corruption
> Fixed in LibreOffice 4.4.5/5.0.0
> CVE-2015-4551 Arbitrary file disclosure in Calc and Writer
> CVE-2015-5212 ODF Integer Underflow (PrinterSetup Length)
> CVE-2015-5213 DOC piecetable Integer Overflow
Added to an existing GLSA Request.
app-office/openoffice-bin was missed.
@maintainer(s), please clean the vulnerable version from the tree:
This issue was resolved and addressed in
GLSA 201611-03 at https://security.gentoo.org/glsa/201611-03
by GLSA coordinator Aaron Bauman (b-man).