UbuntuUpdates.org

Package "libreoffice-help-fr"

Name: libreoffice-help-fr

Description:

office productivity suite -- French help
Latest version: 4:24.2.7-0ubuntu0.24.04.2
Release: noble (24.04)
Level: security
Repository: main
Head package: libreoffice
Homepage: http://www.libreoffice.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libreoffice-help-fr"

All arch deb package
APT INSTALL

Other versions of "libreoffice-help-fr" in Noble

Repository Area Version
base main 4:24.2.2-0ubuntu1
updates main 4:24.2.7-0ubuntu0.24.04.2
PPA: LibreOffice 4:24.8.4~rc2-0ubuntu0.24.04.1~lo1

Changelog

Version: 4:24.2.7-0ubuntu0.24.04.2 2025-01-27 18:07:00 UTC

  libreoffice (4:24.2.7-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Path traversal leading to arbitrary .ttf file write
    - debian/patches/CVE-2024-12425.patch: be conservative on allowed temp
      font names
    - CVE-2024-12425
  * SECURITY UPDATE: URL fetching can be used to exfiltrate arbitrary INI
      file values and environment variables
    - debian/patches/CVE-2024-12426-1.patch: consider VndSunStarExpand an
      exotic protocol
    - debian/patches/CVE-2024-12426-2.patch: look at 'embedded' protocols too
    - debian/patches/CVE-2024-12426-3.patch: Fix check for further exotic
      protocols
    - CVE-2024-12426

 -- Rico Tzschichholz <email address hidden> Mon, 20 Jan 2025 09:58:29 +0100
Source diff to previous version
CVE-2024-12425 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute P
CVE-2024-12426 Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice.

Version: 4:24.2.5-0ubuntu0.24.04.2 2024-08-15 14:07:18 UTC

  libreoffice (4:24.2.5-0ubuntu0.24.04.2) noble-security; urgency=medium

  * No-change rebuild in the -security pocket to fix CVE-2024-6472.
    (LP: #2076130)

 -- Marc Deslauriers <email address hidden> Tue, 13 Aug 2024 10:32:23 -0400
Source diff to previous version
2076130 CVE-2024-6472
CVE-2024-6472 Certificate Validation user interface in LibreOffice allows potential vulnerability. Signed macros are scripts that have been digitally signed by

Version: 4:24.2.4-0ubuntu0.24.04.2 2024-07-04 15:07:06 UTC

  libreoffice (4:24.2.4-0ubuntu0.24.04.2) noble-security; urgency=medium

  * No-change rebuild in the -security pocket to fix CVE-2024-5261.
    (LP: #2071624)

 -- Marc Deslauriers <email address hidden> Tue, 02 Jul 2024 07:26:26 -0400
Source diff to previous version
2071624 CVE-2024-5261
CVE-2024-5261 Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be use

Version: 4:24.2.3-0ubuntu0.24.04.2 2024-05-28 13:07:19 UTC

  libreoffice (4:24.2.3-0ubuntu0.24.04.2) noble-security; urgency=medium

  * No-change rebuild in the -security pocket to fix CVE-2024-3044.

 -- Marc Deslauriers <email address hidden> Thu, 23 May 2024 10:47:24 -0400
CVE-2024-3044 Unchecked script execution in Graphic on-click binding in affected LibreOffice versions allows an attacker to create a document which without prompt


About   -   Send Feedback to @ubuntu_updates