[SECURITY] [DSA 5908-1] libreoffice security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5908-1] libreoffice security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 28 Apr 2025 19:20:07 +0000
Message-id: <aA/U577x6BlGRrWW@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5908-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
April 28, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2025-2866

Juray Sarinay discovered that PDF documents signed with the
adbe.pkcs7.sha1 standard were incompletely validated by LibreOffice,
which could cause invalid signatures to be accepted as legitimate.

For the stable distribution (bookworm), this problem has been fixed in
version 4:7.4.7-1+deb12u8.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgP1KwACgkQEMKTtsN8
TjasuRAAnAPyCH3STHeXsEVJiHnk/msFh95HPxkf9FtXnIwZqAq02CDzAJJi+9SI
a6KsPZ1tKUTgNMSd0dt7z4/jRlaB81uiaRqwinrLu153bObzmg8vigI7jglN0BiC
19TDG2+dlEKueOah6h59PFf/8oe3LZ3xHJIydN8f0u7XtUrUIg/+dBS1Zwbr4uWv
jIW+HSwbpOKSBD70SeovB6kkWuF6xGVcjfHuBcn0bwwjsXInJYJKBOCChEHAynpA
p8fecyHGRXVd2rjdQx3A8edP5NkfwXvECB220Sc2lF/8usxLVRXPdgVUlU1nWE5T
FDPUkJ6AsyysJjnnoTHRiOanxgAZPkQbioeTl117Zwv2ckgyIkdX3/dvwgJPZC5p
o3hpnc+Ie96pm4gNNO+0pa2cC+0m6jlz518XYhwak+M5IgFbjekpD9klQqLNPn6d
gba03ovqu/Tz683mIl5EWNGPIZwpouRgL9IRphtOaxp3hkrDzonhH7brv2xIC55n
pI97BoHbl8xNXC/CMDIMsF7IRPTH5ydKJXMqEmcoYfhcsrxqizemq7MbKZpWU+CV
ZOhGZbIS3rGdm+/RYWKqpIiOwDeddQP+9kzBjLQeVlOhUQM+c4lTd05Y8w987BvP
SSayZ+2pg5zIcdnC7HSLNAeXhuqV0VAX8/diVI70B/W87CIdMn0=
=Yqcr
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5907-1] linux security update
Next by Date: [SECURITY] [DSA 5909-1] request-tracker5 security update
Previous by thread: [SECURITY] [DSA 5907-1] linux security update
Next by thread: [SECURITY] [DSA 5909-1] request-tracker5 security update
Index(es):
- Date
- Thread