From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#30414: Libreoffice CVE-2018-6871 [remote read of any local files] Date: Sat, 10 Feb 2018 13:52:46 -0500 Message-ID: <20180210185246.GA18573@jasmine.lan> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="7AUc2qLy4jB3hD7Z" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:53170) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ekaHl-0006uG-PA for bug-guix@gnu.org; Sat, 10 Feb 2018 13:54:18 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ekaHi-0001z8-Em for bug-guix@gnu.org; Sat, 10 Feb 2018 13:54:05 -0500 Received: from debbugs.gnu.org ([208.118.235.43]:57559) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1ekaHi-0001ya-B1 for bug-guix@gnu.org; Sat, 10 Feb 2018 13:54:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ekaHi-0007Q0-2M for bug-guix@gnu.org; Sat, 10 Feb 2018 13:54:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:51959) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ekaGc-00064J-54 for bug-guix@gnu.org; Sat, 10 Feb 2018 13:52:55 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ekaGX-0000E6-V5 for bug-guix@gnu.org; Sat, 10 Feb 2018 13:52:54 -0500 Received: from out2-smtp.messagingengine.com ([66.111.4.26]:45875) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1ekaGX-0000Ca-OH for bug-guix@gnu.org; Sat, 10 Feb 2018 13:52:49 -0500 Received: from localhost (c-76-124-202-137.hsd1.pa.comcast.net [76.124.202.137]) by mail.messagingengine.com (Postfix) with ESMTPA id 9F78D7E520 for ; Sat, 10 Feb 2018 13:52:47 -0500 (EST) Content-Disposition: inline List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 30414@debbugs.gnu.org --7AUc2qLy4jB3hD7Z Content-Type: text/plain; charset=us-ascii Content-Disposition: inline We need to fix CVE-2018-6871 in our LibreOffice package. This bug allows remote attackers to read any file accessible from LibreOffice by supplying a crafted file to open in LibreOffice. Apparently the bug is fixed in LibreOffice 5.4.5 or 6.0.1. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871 https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure --7AUc2qLy4jB3hD7Z Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAlp/P34ACgkQJkb6MLrK fwjfHg//V478l/SK/nFagSs+UGS1XEW1uJWPpLz6g7VigjOFK6Sh8qCt/US3bR6v M+cCey2W6Bp1+dnqjKxXqZS/2ZmqzGOTwBckgzkJjXAAyiGNG2Rr9NXrh9kmjOjw eyPhATIsTgui4LwnzpdxI+Df06Sv7ja1J2bFiTfbZ1WCHzU6f1vk2g5iQG8hA5yG oseYRhx9NJ6p4Mc3xDXe2xnsu9cXcA1y/eHwSX7Hwe1h9miFK56qGI2ZuHXtMvZl CQDzlaEa1eAz2Twr75VWLzxzdObgzcNe4YFVfkNxZz0n2OXphQSxDS3qKQDONPzc e0Yru/8HZPkQ3KtGILPm42GhxV2x6vtCfxL4+SOrAjlSvxlJaCNhJ5giSwSZtOkO /UVrOeewrHGaSfzJgVukXIU9F37OcDwC3baQE3zOLkvHNre5tSZ1lp/up+V63oUS oWe7DRctrmr9uweYvCj5uSvgD/cV4mJKQ5Vf6X+sug0rxEvN7+ztB6sMgQNw7EeC EsOBE7w3NHquD9PFnPvE4GIWALO8xwLPtwwAcrNTgS6VKU64fs3xU0yJIblQVILT bDxQt9EmARaIx3S4Jlm6dVHhaGUqhbgouu4m9iY7lExx3eR60+Z417ZETHW+3cgR GhIBs8w7snjLKqlg2Y9Ly7iVFxZltNH2TTEixppsm0MuXsXD2zo= =+zb2 -----END PGP SIGNATURE----- --7AUc2qLy4jB3hD7Z--