#18991 closed enhancement (fixed)
libreoffice-7.6.4.1
Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
---|---|---|---|
Priority: | high | Milestone: | 12.1 |
Component: | BOOK | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New point version.
Change History (9)
comment:1 by , 14 months ago
Owner: | changed from | to
---|---|
Status: | new → assigned |
comment:2 by , 14 months ago
follow-up: 4 comment:3 by , 14 months ago
Just an observation from looking at the book...
I would move the sed for ICU 74+ up right after the libxml2 patch. Seems more organised and would be easier to remove when they are fixed downstream. You patch libre, do a bunch of shit, do the sed for icu (which is just a patch).
comment:4 by , 14 months ago
Replying to Joe Locash:
Just an observation from looking at the book...
I would move the sed for ICU 74+ up right after the libxml2 patch. Seems more organised and would be easier to remove when they are fixed downstream. You patch libre, do a bunch of shit, do the sed for icu (which is just a patch).
I'll do that with this update.
We're talking about patching libxml2 to fix the header removal problems (which will also be present in the next libxml2 release). Once that is done, I will rediff the patch to remove the header inclusion changes - but the const XMLError changes will still be required.
comment:5 by , 14 months ago
List of fixed bugs

Bugs fixed compared to 7.6.3 RC2:

- tdf#99822 FILEOPEN: Floating table objects in tables horizontal position relative to margin is wrong in Writer
- tdf#104288 FILESAVE RTF: File size increases with factor 5 after re-saving a certain RTF-document
- tdf#125580 Slightly off value when adding date plus time values
- tdf#127498 TIMEVALUE() sometimes returns a slightly less or greater than expected value
- tdf#127547 Freeze/crash in Microsoft Print to PDF dialog when trying to paste (Ctrl-V) a filename in the 'Save Print Output As' dialog
- tdf#148000 FILEOPEN PPTX: curved text doesn't line break properly and becomes too wide
- tdf#148389 The bracket of "display of bookmarks formatting" doesn't position itself properly at undo
- tdf#152571 Very slow save (macOS, ARM)
- tdf#153178 FILEOPEN RTF Paragraphs before table disappear or open inside a frame
- tdf#153194 FILEOPEN RTF Empty paragraph after page break moves to previous page
- tdf#153693 Error in Api LanguageTool: partial words or large sections underlined when writing in Spanish
- tdf#153969 Text hidden when importing PDF document with RTL text and using he-IL locale
- tdf#155092 UI: Erratic behaviour after resizing spreadsheet window size
- tdf#155266 VIEWING / SCROLLING: very laggy jerky scrolling on macOS Writer: scroll lag
- tdf#156565 FILESAVE PDF Using tabulator inside a link results to a PAC2021 "Inconsistent entry found" error
- tdf#157589 PDF: Conversion of pdf to docx or doc collapses all content onto one page
- tdf#157768 Highlighted no-break space not rendered in pdf and print-preview
- tdf#157816 PAC gives >"Link" annotation is not nested inside a "Link" structure element< error with references and caption frame
- tdf#157911 Wrong borders for tables split across multiple pages
- tdf#157992 UI Changing a spelling error in the spelling dialog removes footnote from the edited sentence
- tdf#158044 RTF import paragraph style attribute handling wrong
- tdf#158072 Fails to apply AutoFilter or Standard Filter in Mail Merge dialog after it was applied once successfully (Writer+Calc)
- tdf#158083 FILESAVE RTF Images are saved twice
- tdf#158090 No way to run signed macros from unsigned document in Medium security level
- tdf#158094 Can't remove trusted certificate in Macro Security
- tdf#158117 LanguageTool integration: "+" character not recognized for the user ID
- tdf#158121 Math - Print settings not read after changing
- tdf#158169 Crash when using multiple Views
- tdf#158171 Crash when double-clicking DeepL translation dialog OK button
- tdf#158202 Candy template turns blue when applied a second time from sidebar's Master Slides deck
- tdf#158203 Freshes template turns blue when applied a second time from sidebar's Master Slides deck
- tdf#158204 Midnightblue template turns light blue if applied from sidebar's Master Slides deck
- tdf#158224 EDITING CRASH Cannot convert bitmap to polygons [Noel Grandin]
- tdf#158265 Cell Format Date changes cell value in case of high resolution date/time values
- tdf#158307 Android Viewer: Formula bar in Calc partially cut off with large font size (Accessibility)
- tdf#158331 Android Viewer: "Save as" creates 0 byte file (with Experimentation Mode turned off)
- tdf#158336 "**Expression is Faulty**" after copying/pasting formula in another table
- tdf#158338 Opening file with image when JAWS is running causes endless loop
- tdf#158341 FILEOPEN DOCX Endless loop on opening file
- tdf#158396 Frame title should show DocumentTitle when set in MediaDescriptor
- tdf#158398 Android Viewer: Improve display of spreadsheet row/column headers
comment:6 by , 14 months ago
Priority: | normal → high |
---|
This version fixes CVE-2023-6345, the critical Skia security vulnerability that's under active exploitation (we fixed this in qtwebengine on 12/01/2023): https://git.libreoffice.org/core/+/f1b017b19918df3406e77992ff499207235952c0
This is going to need a security advisory.
comment:7 by , 14 months ago
Resolution: | → fixed |
---|---|
Status: | assigned → closed |
Fixed at 8d0bd18ad54347749dec129ebae20bd15d1ec686
I filed SA-12.0-054. The attack vector would be a malicious image inside of a document.
comment:8 by , 14 months ago
The security advisory needs to be updated. Two additional vulnerabilities were fixed: CVE-2023-6185 and CVE-2023-6186.
comment:9 by , 14 months ago
CVE-2023-6185: LibreOffice supports embedded videos in file formats via platform audio/video support. Typically under Linux this is via gstreamer. In affected versions of LibreOffice, the filename of the embedded video is not sufficiently escaped when passed to gstreamer, enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
CVE-2023-6186: LibreOffice supports hyperlinks. In addition to the typical common protocols such as http/https, hyperlinks can also have target URLs that can launch built-in macros or dispatch built-in internal commands. In affected versions of LibreOffice there are scenarios where these can be executed without warning if the user activates such hyperlinks. In later versions the user's explicit macro execution permissions for the document are now consulted if these non-typical hyperlinks can be executed. The possibility to use these variants of hyperlink targets for floating frames has been removed.
Updated SA-12.0-054 to record new details on these vulnerabilities.
Patch for libxml2-2.12.x and sed for ICU 74+ are still needed.
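
Documents received before the upgrade can be audited for the non-typical hyperlink targets described under CVE-2023-6186. The script below is an added example, not part of this ticket or of BLFS/LibreOffice code; the scheme list (`vnd.sun.star.script:`, `macro:`, `.uno:`, `slot:`) and the size cap are assumptions of the example and not taken from the advisory, and the sample document is constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumed (non-exhaustive) URL schemes for macro and internal-command targets.
RISKY = re.compile(r"\s*(vnd\.sun\.star\.script:|macro:|\.uno:|slot:)", re.I)
MAX_PART = 64 * 1024 * 1024  # assumed size cap per XML part

def audit_odf(data: bytes):
    """Return (part, element, href) for every macro/dispatch link target."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for part in ("content.xml", "styles.xml"):
            if part not in zf.namelist():
                continue
            if zf.getinfo(part).file_size > MAX_PART:
                findings.append((part, "-", "part too large, not parsed"))
                continue
            raw = zf.read(part)
            if b"<!DOCTYPE" in raw:  # ODF parts carry no DTD; skip any that do
                findings.append((part, "-", "DOCTYPE present, not parsed"))
                continue
            for el in ET.fromstring(raw).iter():
                href = el.get(XLINK_HREF, "")
                if RISKY.match(href):
                    findings.append((part, el.tag.split("}")[-1], href))
    return findings

def build_sample() -> bytes:
    """Constructed test document: one ordinary link, two non-typical ones."""
    ns = ('xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0" '
          'xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0" '
          'xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0" '
          'xmlns:xlink="http://www.w3.org/1999/xlink"')
    xml = (f'<office:document-content {ns}><office:body><office:text><text:p>'
           '<text:a xlink:href="https://example.org/">ok</text:a>'
           '<text:a xlink:href=".uno:About">about</text:a>'
           '<draw:frame><draw:floating-frame '
           'xlink:href="macro:///Standard.Module1.Main()"/></draw:frame>'
           '</text:p></office:text></office:body></office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in audit_odf(build_sample()):
        print(finding)
```

A `floating-frame` finding is the case the fixed release no longer honours at all; the `a` findings are the ones now gated on the document's macro execution permissions.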