Package "libreoffice-style-human"

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial10) xenial-security; urgency=medium

  * SECURITY UPDATE: Unsafe URL assembly flaw in allowed script location check
    - debian/patches/CVE-2019-9854.diff: assemble the parsed url describing a
      script's location from the output of the preceding verification step.
    - CVE-2019-9854

 -- Marcus Tomlinson <email address hidden> Sat, 21 Sep 2019 13:44:15 +0200

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial9) xenial-security; urgency=medium

  * SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script execution
    - debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban scripts
      with "LibreLogo" anywhere in its path.
    - CVE-2019-9850
  * SECURITY UPDATE: LibreLogo global-event script execution
    - debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script executions
      by expanding check to global events.
    - CVE-2019-9851
  * SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location check
    - debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
      scriptURI2StorageUri() are percent-encoded.
    - CVE-2019-9852

 -- Marcus Tomlinson <email address hidden> Wed, 14 Aug 2019 15:16:33 +0100

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial8) xenial-security; urgency=medium

  * SECURITY UPDATE: LibreLogo arbitrary script execution
    - debian/patches/CVE-2019-9848.diff: don't allow LibreLogo to be used with
      mouseover/etc dom-alike events.
    - CVE-2019-9848
  * SECURITY UPDATE: Remote bullet graphics retrieved in 'stealth mode'
    - debian/patches/CVE-2019-9849.diff: include bullet graphics in 'stealth
      mode' protection.
    - CVE-2019-9849

 -- Marcus Tomlinson <email address hidden> Tue, 16 Jul 2019 17:28:21 +0100

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial7) xenial; urgency=medium

  [ Ikuya Awashiro ]
  * debian/patches/new-japanese-era-name.patch (LP: #1827451):
    Add new Japanse era name "Reiwa" support which taken from upstream:
    https://cgit.freedesktop.org/libreoffice/core/commit/?id=cacbb0faef77ae8462de9ff5c7307a6a2e28b2bb
    https://cgit.freedesktop.org/libreoffice/core/commit/?id=597c5d75b8e72d429e096535334eaac7973455ef

   [ Olivier Tilloy ]
   * debian/patches/java.vendor-Ubuntu.patch: update to also recognize
     "Private Build" as java.vendor (for custom PPA builds) (LP: #1822839)
   * debian/patches/java.vendor-Ubuntu.patch: also make jvmfwk recognize
     "Ubuntu" as java.vendor (LP: #1822839)

   [ Rene Engelhard ]
   * debian/patches/java.vendor-Debian.diff: make jvmfwk recognize "Debian"
     as java.vendor as that's what is set in openjdk 11 >= 11.0.3+4-2
     - see #926009 (closes: #926318) (LP: #1822839)

 -- Marcus Tomlinson <email address hidden> Fri, 03 May 2019 15:40:44 +0100

  libreoffice (1:5.1.6~rc2-0ubuntu1~xenial6) xenial-security; urgency=medium

  * SECURITY UPDATE: incorrect integer data type in StgSmallStrm class
    - debian/patches/CVE-2018-10119.patch: use short->sal_Int32 like in
      StgDataStrm in sot/source/sdstor/stgstrms.cxx.
    - CVE-2018-10119
  * SECURITY UPDATE: heap-based buffer overflow in SwCTBWrapper::Read
    - debian/patches/CVE-2018-10120.patch: check index before use in
      sw/source/filter/ww8/ww8toolbar.cxx.
    - CVE-2018-10120
  * SECURITY UPDATE: information disclosure vulnerability via SMB link
    - debian/patches/CVE-2018-10583.patch: set Referer on link
      mediadescriptor in sw/source/filter/xml/xmltexti.cxx.
    - CVE-2018-10583
  * SECURITY UPDATE: Directory traversal flaw in script execution
    - debian/patches/CVE-2018-16858.patch: keep pyuno script processing
      below base uri in scripting/source/pyprov/pythonscript.py.
    - CVE-2018-16858

 -- Marc Deslauriers <email address hidden> Mon, 28 Jan 2019 11:59:02 -0500