LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document. CVE: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0795 Upstream Fix: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
PR with 5.0.5.2 release exists: https://github.com/gentoo/gentoo/pull/807
commit cb36ebae854f4e961a84086d37a929527cb0176c Author: Lars Wendler <polynomial-c@gentoo.org> Date: Fri Feb 19 23:04:02 2016 app-office/libreoffice-l10n: Security bump (bug #575152). Package-Manager: portage-2.2.27 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org> commit 8979b009efc080cd59bbe5368cc2eca8ebb51084 Author: Lars Wendler <polynomial-c@gentoo.org> Date: Fri Feb 19 23:02:49 2016 app-office/libreoffice: Security bump (bug #575152). Package-Manager: portage-2.2.27 Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
still needs libreoffice-bin rebuild; I'm at it
Arches please TEST (especially the fresh -bin package) and stabilize =app-office/libreoffice-5.0.5.2 =app-office/libreoffice-l10n-5.0.5.2 =app-office/libreoffice-bin-5.0.5.2 =app-office/libreoffice-bin-debug-5.0.5.2 Target: amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Cleanup done. Thanks everyone. Office out.
CVE-2016-0795 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-0795): LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document.
GLSA Vote: No
