it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 5252-1] libreoffice security update

From: Moritz Muehlenhoff <jmm AT debian.org>
To: debian-security-announce AT lists.debian.org
Subject: [IT-SecNots] [SECURITY] [DSA 5252-1] libreoffice security update
Date: Wed, 12 Oct 2022 17:35:07 +0000
Authentication-results: mail.piratenpartei.de; dkim=none; spf=none (mail.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
List-archive: https://lists.debian.org/msgid-search/Y0b6y0/9obOmwknu AT seger.debian.org
List-id: <debian-security-announce.lists.debian.org>
List-url: <http://lists.debian.org/debian-security-announce/>
Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=Wiy+0W4N2SRK45szsrpUsM3gWGBmzE4wm2OgYmuaf4c=; b=t5 Pwy9XkFYvsvamwHig/NtwYdEiidpTfn/n5j8UPmPhcjzfgAMuz0W7IXnpsYnAKRtZlCCiNEtg3xXV jvvWM8d6S3thWmDW1GLHBVRnICi5MhKbQqCSnYpSLele8RUAqQyIlM5ZZUtUBktJEJg303HscowTm DZqXlaT63GxGFNIquPk13QWARofSM+j7Afew/vp7N0fUPr45fuWwHat+ByM0QveaGynKE8ryzT1R9 BNKTGS7XDMKtTTB7S8GYkoT/YX//kj9rjnUN9Je1Pg53NSfm1VDeRtt40EyW7nFUA6BQntNh5St0M QsYm2ovx843WZJE6B09vjJzM6jSgNyQQ==;
Old-return-path: <jmm AT seger.debian.org>
Priority: urgent
Resent-date: Wed, 12 Oct 2022 17:35:31 +0000 (UTC)
Resent-from: debian-security-announce AT lists.debian.org
Resent-message-id: <YqSlaOmD3TL.A.dkE.jrvRjB@bendel>
Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5252-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 12, 2022 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : libreoffice
CVE ID : CVE-2022-3140

It was discovered that insufficient validation of
"vnd.libreoffice.command" URI schemes could result in the execution of
arbitrary macro commands.

For the stable distribution (bullseye), this problem has been fixed in
version 1:7.0.4-4+deb11u4.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmNG+qAACgkQEMKTtsN8
Tja3uRAAkiNgui3BXi1QzYKs8IV7gWHqaGh2Yha+I0jksPzSPpIujCPo7p7EXSs8
Lm0y36dxT0rl3cokZtlNmDb0WgU7NVIgiu8+sI1jQuob1MT6vAN7BJUDOzzXxWUF
736lg9cJexJCOk+DHZq9oTW6bT0s+e+nAXixhsr4ZphrllMasbvm+LyB5hYRsyVx
A3tR+Be7bwaflqRVLIYTozL3K6pXeQvcZp7BjEyxMwgZ01+A+h44CmG+fBnVbE87
dX0GHonx8N41eodaXRX0rUq8RESPSkKj7cuqopta3YQkQIwZ6ZxsN4rPSKidZXEl
f+31/H3sw9ckhv8ShgpIpzdqZ0ehVoth0zDo+X/ZGEmFEsDHnt7GtSAyk5/w6Hw9
5gwMdQSlrWTHUGLw0ER9bHSXJYlhqUZ92WnCkHKsGYXkdoMpm2zXP3qZjXXkw2rg
a3F9M61uOEYwNuKWpTCN3kfOUm8ym7DhyXqRkn2+1CQ3jpdqgXGK4/7NF3J224hA
ARvnaYFo9JVCuRabznkWZJ1fI0+AjsEdya060X+TlkAX5JWHS5oJHrBOqbCugj3j
3dPKd1IFDkiN78dAsePpUo6m9UOEYV75vBkvKtyQ1nuexF9MOawycPbiEelwE3fk
GnyVTdww4lX+pXAs+N8IBv+Ydw8SNAVDsy6sRxpzBTBwa3+Xnf0=
=rIOZ
-----END PGP SIGNATURE-----

[IT-SecNots] [SECURITY] [DSA 5252-1] libreoffice security update, Moritz Muehlenhoff, 12.10.2022

Archiv bereitgestellt durch MHonArc 2.6.24.