Package "libreoffice-sdbc-firebird"
Name: |
libreoffice-sdbc-firebird
|
Description: |
Firebird SDBC driver for LibreOffice
|
Latest version: |
1:6.4.7-0ubuntu0.20.04.14 |
Release: |
focal (20.04) |
Level: |
updates |
Repository: |
universe |
Head package: |
libreoffice |
Homepage: |
http://www.libreoffice.org |
Links
Download "libreoffice-sdbc-firebird"
Other versions of "libreoffice-sdbc-firebird" in Focal
Changelog
libreoffice (1:6.4.7-0ubuntu0.20.04.9) focal-security; urgency=medium
* SECURITY UPDATE: Improper input validation enabling arbitrary Gstreamer
pipeline injection
- debian/patches/CVE-2023-6185.patch: escape url passed to gstreamer
- CVE-2023-6185
* SECURITY UPDATE: Link targets allow arbitrary script execution
- debian/patches/CVE-2023-6186-*.patch: multiple commits to fix
security issues.
- CVE-2023-6186
* patches/CppunitTest_desktop_lib-adjust-asserts-so-this-works.patch:
- Usage of expired certificates in CppunitTest_desktop_lib:
adjust asserts so this works again
-- Rico Tzschichholz <email address hidden> Mon, 11 Dec 2023 15:41:29 +0100
|
Source diff to previous version |
CVE-2023-6185 |
Improper input validation enabling arbitrary Gstreamer pipeline injection |
CVE-2023-6186 |
Link targets allow arbitrary script execution |
|
libreoffice (1:6.4.7-0ubuntu0.20.04.8) focal-security; urgency=high
* SECURITY UPDATE: Remote documents loaded without prompt via IFrame
- debian/patches/CVE-2023-2255-*.patch: multiple commits to fix
security issues.
- CVE-2023-2255
* SECURITY UPDATE: Array Index UnderFlow in Calc Formula Parsing
- debian/patches/CVE-2023-0950.patch: Obtain actual 0-parameter count
for OR(), AND() and 1-parameter functions
- CVE-2023-0950
-- Rico Tzschichholz <email address hidden> Thu, 25 May 2023 22:52:23 +0200
|
Source diff to previous version |
CVE-2023-2255 |
Improper access control in editor components of The Document Foundation LibreOffice allowed an attacker to craft a document that would cause external |
CVE-2023-0950 |
Improper Validation of Array Index vulnerability in the spreadsheet component of The Document Foundation LibreOffice allows an attacker to craft a sp |
|
libreoffice (1:6.4.7-0ubuntu0.20.04.7) focal-security; urgency=medium
[ Rico Tzschichholz ]
* SECURITY UPDATE: Empty entry in Java class path risks arbitrary
code execution
- debian/patches/CVE-2022-38745.patch: Avoid unnecessary empty
-Djava.class.path=.
- CVE-2022-38745
[ Rene Engelhard ]
* debian/patches/hrk-euro.diff: add EUR to .hr i18n;
add HRK<->EUR conversion rate to Calc and the Euro Wizard
* debian/patches/hrk-euro-default.diff: default to EUR for .hr
-- Rico Tzschichholz <email address hidden> Sun, 26 Mar 2023 20:00:54 +0200
|
Source diff to previous version |
CVE-2022-38745 |
Apache OpenOffice versions before 4.1.14 may be configured to add an empty entry to the Java class path. This may lead to run arbitrary Java code fro |
|
libreoffice (1:6.4.7-0ubuntu0.20.04.6) focal-security; urgency=medium
* SECURITY UPDATE: arbitrary script execution via Office URI Schemes
- debian/patches/CVE-2022-3140-1.patch: commands are always URLs in
wizards/source/access2base/DoCmd.xba.
- debian/patches/CVE-2022-3140-2.patch: filter out unwanted command
URIs in desktop/source/app/cmdlineargs.cxx.
- debian/patches/CVE-2022-3140-3.patch: check IFrame FrameURL target in
sfx2/source/appl/macroloader.cxx, sfx2/source/doc/iframe.cxx,
sfx2/source/inc/macroloader.hxx, sw/source/filter/html/htmlplug.cxx,
sw/source/filter/xml/xmltexti.cxx.
- debian/patches/CVE-2022-3140-4.patch: check impress/calc IFrame
FrameURL target in xmloff/source/draw/ximpshap.cxx.
- CVE-2022-3140
-- Marc Deslauriers <email address hidden> Fri, 14 Oct 2022 08:58:04 -0400
|
Source diff to previous version |
CVE-2022-3140 |
LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice |
|
libreoffice (1:6.4.7-0ubuntu0.20.04.5) focal-security; urgency=medium
* SECURITY UPDATE: Improper Certificate Validation vulnerability
- debian/patches/CVE-2022-26305.patch: compare authors using Thumbprint
in xmlsecurity/source/component/documentdigitalsignatures.cxx.
- CVE-2022-26305
* SECURITY UPDATE: stored passwords IV always the same
- debian/patches/CVE-2022-26306.patch: add Initialization Vectors to
password storage in
officecfg/registry/schema/org/openoffice/Office/Common.xcs,
svl/source/passwordcontainer/passwordcontainer.cxx,
svl/source/passwordcontainer/passwordcontainer.hxx.
- CVE-2022-26306
* SECURITY UPDATE: password storage master key weak entropy
- debian/patches/CVE-2022-26307-1.patch: make hash encoding match
decoding in
officecfg/registry/schema/org/openoffice/Office/Common.xcs,
svl/source/passwordcontainer/passwordcontainer.cxx,
svl/source/passwordcontainer/passwordcontainer.hxx,
uui/source/iahndl-authentication.cxx.
- debian/patches/CVE-2022-26307-2.patch: add infobar to prompt to
refresh to replace old format in include/sfx2/strings.hrc,
include/sfx2/viewfrm.hxx, sfx2/source/view/viewfrm.cxx.
- CVE-2022-26307
-- Marc Deslauriers <email address hidden> Thu, 29 Sep 2022 08:40:35 -0400
|
CVE-2022-26305 |
An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only |
CVE-2022-26306 |
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a sin |
CVE-2022-26307 |
LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a sin |
|
About
-
Send Feedback to @ubuntu_updates