CVE-2022-3140: LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice.command' specific to LibreOffice was added. In the affected versions of LibreOffice links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could result in arbitrary script execution without warning. This issue affects: The Document Foundation LibreOffice 7.4 versions prior to 7.4.1; 7.3 versions prior to 7.3.6.

Please cleanup.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4a4787e7f0c1006fe08cbd67d5a3d484b2b25f78

commit 4a4787e7f0c1006fe08cbd67d5a3d484b2b25f78
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-10-12 17:57:22 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-10-12 18:22:16 +0000

    app-office/libreoffice: unkeyword 7.3.4.2-r1

    Bug: https://bugs.gentoo.org/876869
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 app-office/libreoffice/libreoffice-7.3.4.2-r1.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Thanks, I always forget to add -bin to LO summaries..
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7416889d174e561a98c2ea5a7a2a47f5c96b5bdc

commit 7416889d174e561a98c2ea5a7a2a47f5c96b5bdc
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-11-02 07:53:00 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-11-02 08:36:59 +0000

    app-office/libreoffice-bin: 7.3.4.2 security cleanup

    Bug: https://bugs.gentoo.org/876869
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 app-office/libreoffice-bin/Manifest | 9 -
 .../libreoffice-bin/libreoffice-bin-7.3.4.2.ebuild | 257 ---------------------
 2 files changed, 266 deletions(-)
Please cleanup, thanks!
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26ce497268a98584860d7908496b73c85cbb40fa

commit 26ce497268a98584860d7908496b73c85cbb40fa
Author:     Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2022-11-03 08:36:22 +0000
Commit:     Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2022-11-03 08:39:42 +0000

    app-office/libreoffice: cleanup vulnerable 7.3.4.2-r1

    Bug: https://bugs.gentoo.org/876869
    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

 app-office/libreoffice/Manifest | 3 -
 ...Add-missing-nSize-set-for-Poppler-22.04.0.patch | 31 -
 ...t-FreeBSD-patch-for-Poppler-22.04.0-build.patch | 78 ---
 .../libreoffice/libreoffice-7.3.4.2-r1.ebuild | 665 ---------------------
 4 files changed, 777 deletions(-)
GLSA request filed
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=d266b4cc9f82b89875aad5caa0ee17368cbcdebf

commit d266b4cc9f82b89875aad5caa0ee17368cbcdebf
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-12-19 02:01:40 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-12-19 02:04:28 +0000

    [ GLSA 202212-04 ] LibreOffice: Arbitrary Code Execution

    Bug: https://bugs.gentoo.org/876869
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202212-04.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 53 insertions(+)
GLSA released, all done.