UbuntuUpdates.org

Package "libreoffice-l10n"

Name: libreoffice-l10n

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • office productivity suite -- Oromo help
  • office productivity suite -- Polish help
  • office productivity suite -- Portuguese help
  • office productivity suite -- Portuguese_brazilian help
Latest version: 1:6.0.7-0ubuntu0.18.04.10
Release: bionic (18.04)
Level: security
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libreoffice-l10n" in Bionic

Repository Area Version
base main 1:6.0.3-0ubuntu1
updates main 1:6.0.7-0ubuntu0.18.04.10
PPA: LibreOffice 1:6.2.5-0ubuntu0.18.04.1~lo1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:6.0.7-0ubuntu0.18.04.10 2019-09-24 15:06:35 UTC

  libreoffice-l10n (1:6.0.7-0ubuntu0.18.04.10) bionic-security; urgency=medium

  * SECURITY UPDATE: Unsafe URL assembly flaw in allowed script location check
    - debian/patches/CVE-2019-9854.diff: assemble the parsed url describing a
      script's location from the output of the preceding verification step.
    - CVE-2019-9854

 -- Marcus Tomlinson <email address hidden> Sat, 21 Sep 2019 13:44:15 +0200
Source diff to previous version
CVE-2019-9854 LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document

Version: 1:6.0.7-0ubuntu0.18.04.9 2019-08-19 13:08:56 UTC

  libreoffice-l10n (1:6.0.7-0ubuntu0.18.04.9) bionic-security; urgency=medium

  * SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script execution
    - debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban scripts
      with "LibreLogo" anywhere in its path.
    - CVE-2019-9850
  * SECURITY UPDATE: LibreLogo global-event script execution
    - debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script executions
      by expanding check to global events.
    - CVE-2019-9851
  * SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location check
    - debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
      scriptURI2StorageUri() are percent-encoded.
    - CVE-2019-9852

 -- Marcus Tomlinson <email address hidden> Wed, 14 Aug 2019 15:15:42 +0100
Source diff to previous version
CVE-2019-9850 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained
CVE-2019-9851 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained
CVE-2019-9852 LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document

Version: 1:6.0.7-0ubuntu0.18.04.8 2019-07-17 19:06:46 UTC

  libreoffice-l10n (1:6.0.7-0ubuntu0.18.04.8) bionic-security; urgency=medium

  * SECURITY UPDATE: LibreLogo arbitrary script execution
    - debian/patches/CVE-2019-9848.diff: don't allow LibreLogo to be used with
      mouseover/etc dom-alike events.
    - CVE-2019-9848
  * SECURITY UPDATE: Remote bullet graphics retrieved in 'stealth mode'
    - debian/patches/CVE-2019-9849.diff: include bullet graphics in 'stealth
      mode' protection.
    - CVE-2019-9849

 -- Marcus Tomlinson <email address hidden> Tue, 16 Jul 2019 17:28:21 +0100
Source diff to previous version
CVE-2019-9848 LibreLogo arbitrary script execution
CVE-2019-9849 remote bullet graphics retrieved in 'stealth mode'

Version: 1:6.0.7-0ubuntu0.18.04.4 2019-04-16 18:07:00 UTC

  libreoffice-l10n (1:6.0.7-0ubuntu0.18.04.4) bionic; urgency=medium

  * debian/patches/jdk-11.0.2-javadoc.diff: fix architecture-independent build
    with OpenJDK 11 (debian bug #920331)

 -- Olivier Tilloy <email address hidden> Wed, 27 Feb 2019 12:11:27 +0100


About   -   Send Feedback to @ubuntu_updates