Re: Wheezy update of libreoffice?
Hi,
On Wed, Jul 27, 2016 at 10:03:13AM +0200, Balint Reczey wrote:
> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of libreoffice:
> https://security-tracker.debian.org/tracker/CVE-2016-4324
>
> Would you like to take care of this yourself?
>
> If yes, please follow the workflow we have defined here:
> https://wiki.debian.org/LTS/Development
Didn't plan to...
At least the patch doesn't apply and the code looks considerably
different, so given wheezy was EOL anyways I just didn't care.
But I see that Ubuntu fixed it because they apparently still support it?
libreoffice (1:3.5.7-0ubuntu11) precise-security; urgency=low
* SECURITY UPDATE: Denial of service and possible arbitrary code execution
via a crafted RTF file
- debian/patches/rtf-use-after-free.diff: Prevent rtf use-after-free
- CVE-2016-4324
-- Bjoern Michaelsen <bjoern.michaelsen@canonical.com> Fri, 24 Jun 2016 21:56:05 +0200
so I could take this as a base...
> If you don't want to take care of this update, it's not a problem, we
> will do our best with your package. Just let us know whether you would
> like to review and/or test the updated package before it gets released.
I would actually believe (almost) noone will use 3.5 anymore but (at least,
if they stayed on wheezy) wheezy-backports - that one would need the update,
too, though.. - or something newer (jessie?) so I consider this not that
important... But will do so.
Regards,
Rene
Reply to: