[SCM] LibreOffice packaging repository branch, ubuntu-precise-3.5, updated. libreoffice_3.5.2_rc2-1-164-g10e447e
The following commit has been merged in the ubuntu-precise-3.5 branch:
commit 10e447eec3c13a2f35286fab0a001884e4136c6b
Author: Bjoern Michaelsen <bjoern.michaelsen@canonical.com>
Date: Thu Jan 10 00:13:22 2013 +0100
release to proposed
diff --git a/changelog b/changelog
index 38afa4b..84c2529 100644
--- a/changelog
+++ b/changelog
@@ -1,5 +1,6 @@
-libreoffice (1:3.5.7-0ubuntu3) UNRELEASED; urgency=low
+libreoffice (1:3.5.7-0ubuntu3) precise-proposed; urgency=low
+ * remove upstreamed security fix for CVE-2012-2665
* backport SdModule::GetSdOptions: Process /usr/lib64/libreoffice/program/soffice.bin was killed by signal 11 (SIGSEGV) (LP: #1097323)
* backport crash when scrolling in multiselection in slide sorter (LP: #1097360)
* backport multi-threaded XIOError segv (LP: #1097370)
@@ -24,6 +25,21 @@ libreoffice (1:3.5.7-0ubuntu3) UNRELEASED; urgency=low
-- Bjoern Michaelsen <bjoern.michaelsen@canonical.com> Tue, 08 Jan 2013 17:09:36 +0100
+libreoffice (1:3.5.4-0ubuntu1.1) precise-security; urgency=low
+
+ * SECURITY UPDATE: arbitrary code execution via XML manifest encryption
+ tag parsing code
+ - debian/patches/CVE-2012-2665.diff: merge base64 encoders/decoders,
+ check key size, unwind manifest xml parser and follow tag hierarchy
+ model, count and order of receipt of properties doesn't matter.
+ - debian/patches/CVE-2012-2665-binfilter.diff: use sax::Converter::
+ base64 code instead, ThreeByteToFourByte and friends are no longer in
+ use.
+ - patches taken from Debian 1:3.5.4-7 package.
+ - CVE-2012-2665
+
+ -- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 07 Aug 2012 08:30:47 -0400
+
libreoffice (1:3.5.7-0ubuntu2) precise-proposed; urgency=low
[Nobuto MURATA]
--
LibreOffice packaging repository
Reply to: