[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of libreoffice?


On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libreoffice:
> https://security-tracker.debian.org/tracker/CVE-2016-4324
> Would you like to take care of this yourself?
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development

Didn't plan to...

At least the patch doesn't apply and the code looks considerably
different, so given wheezy was EOL anyways I just didn't care.

But I see that Ubuntu fixed it because they apparently still support it?

libreoffice (1:3.5.7-0ubuntu11) precise-security; urgency=low

  * SECURITY UPDATE: Denial of service and possible arbitrary code execution
    via a crafted RTF file
    - debian/patches/rtf-use-after-free.diff: Prevent rtf use-after-free
    - CVE-2016-4324

 -- Bjoern Michaelsen <bjoern.michaelsen@canonical.com>  Fri, 24 Jun 2016 21:56:05 +0200

so I could take this as a base...

> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.

I would actually believe (almost) noone will use 3.5 anymore but (at least,
if they stayed on wheezy) wheezy-backports - that one would need the update,
too, though.. - or something newer (jessie?) so I consider this not that
important... But will do so.



Reply to: