Opened 5 months ago

Closed 5 months ago

Last modified 4 months ago

#18991 closed enhancement (fixed)

libreoffice-7.6.4.1

Reported by: Bruce Dubbs
Owned by: Douglas R. Reno
Priority: high
Milestone: 12.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version.

Change History (9)

comment:1 by Douglas R. Reno, 5 months ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Joe Locash, 5 months ago

Patch for libxml2-2.12.x and sed for ICU 74+ are still needed.

comment:3 by Joe Locash, 5 months ago

Just an observation from looking at the book...

I would move the sed for ICU 74+ up right after the libxml2 patch. Seems more organised and would be easier to remove when they are fixed downstream. You patch libre, do a bunch of shit, do the sed for icu (which is just a patch).

in reply to:  3 comment:4 by Douglas R. Reno, 5 months ago

Replying to Joe Locash:

Just an observation from looking at the book...

I would move the sed for ICU 74+ up right after the libxml2 patch. Seems more organised and would be easier to remove when they are fixed downstream. You patch libre, do a bunch of shit, do the sed for icu (which is just a patch).

I'll do that with this update.

We're talking about patching libxml2 to fix the header removal problems (which will also be present in the next libxml2 release). Once that is done, I will rediff the patch to remove the header inclusion changes - but the const XMLError changes will still be required.

comment:5 by Douglas R. Reno, 5 months ago

List of fixed bugs

Bugs fixed compared to 7.6.3 RC2:

    tdf#99822 FILEOPEN: Floating table objects in tables horizontal position relative to margin is wrong in Writer
    tdf#104288 FILESAVE RTF: File size increases with factor 5 after re-saving a certain RTF-document
    tdf#125580 Slightly off value when adding date plus time values
    tdf#127498 TIMEVALUE() sometimes returns a slightly less or greater than expected value
    tdf#127547 Freeze/crash in Microsoft Print to PDF dialog when trying to paste (Ctrl-V) a filename in the 'Save Print Output As' dialog
    tdf#148000 FILEOPEN PPTX: curved text doesn't line break properly and becomes too wide
    tdf#148389 The bracket of "display of bookmarks formatting" doesn't position itself properly at undo
    tdf#152571 Very slow save (macOS, ARM)
    tdf#153178 FILEOPEN RTF Paragraphs before table disappear or open inside a frame
    tdf#153194 FILEOPEN RTF Empty paragraph after page break moves to previous page
    tdf#153693 Error in Api LanguageTool: partial words or large sections underlined when writing in Spanish
    tdf#153969 Text hidden when importing PDF document with RTL text and using he-IL locale
    tdf#155092 UI: Erratic behaviour after resizing spreadsheet window size
    tdf#155266 VIEWING / SCROLLING: very laggy jerky scrolling on macOS Writer: scroll lag
    tdf#156565 FILESAVE PDF Using tabulator inside a link results to a PAC2021 "Inconsistent entry found" error
    tdf#157589 PDF: Conversion of pdf to docx or doc collapses all content onto one page
    tdf#157768 Highlighted no-break space not rendered in pdf and print-preview
    tdf#157816 PAC gives >"Link" annotation is not nested inside a "Link" structure element< error with references and caption frame
    tdf#157911 Wrong borders for tables split across multiple pages
    tdf#157992 UI Changing a spelling error in the spelling dialog removes footnote from the edited sentence
    tdf#158044 RTF import paragraph style attribute handling wrong
    tdf#158072 Fails to apply AutoFilter or Standard Filter in Mail Merge dialog after it was applied once successfully (Writer+Calc)
    tdf#158083 FILESAVE RTF Images are saved twice
    tdf#158090 No way to run signed macros from unsigned document in Medium security level
    tdf#158094 Can't remove trusted certificate in Macro Security
    tdf#158117 LanguageTool integration: "+" character not recognized for the user ID
    tdf#158121 Math - Print settings not read after changing
    tdf#158169 Crash when using multiple Views
    tdf#158171 Crash when double-clicking DeepL translation dialog OK button
    tdf#158202 Candy template turns blue when applied a second time from sidebar's Master Slides deck
    tdf#158203 Freshes template turns blue when applied a second time from sidebar's Master Slides deck
    tdf#158204 Midnightblue template turns light blue if applied from sidebar's Master Slides deck
    tdf#158224 EDITING CRASH Cannot convert bitmap to polygons [Noel Grandin]
    tdf#158265 Cell Format Date changes cell value in case of high resolution date/time values
    tdf#158307 Android Viewer: Formula bar in Calc partially cut off with large font size (Accessibility)
    tdf#158331 Android Viewer: "Save as" creates 0 byte file (with Experimentation Mode turned off)
    tdf#158336 "**Expression is Faulty**" after copying/pasting formula in another table
    tdf#158338 Opening file with image when JAWS is running causes endless loop
    tdf#158341 FILEOPEN DOCX Endless loop on opening file
    tdf#158396 Frame title should show DocumentTitle when set in MediaDescriptor
    tdf#158398 Android Viewer: Improve display of spreadsheet row/column headers

comment:6 by Douglas R. Reno, 5 months ago

Priority: normal → high

This version fixes CVE-2023-6345, the critical Skia security vulnerability that's under active exploitation (we fixed this in qtwebengine on 12/01/2023): https://git.libreoffice.org/core/+/f1b017b19918df3406e77992ff499207235952c0

This is going to need a security advisory.

comment:7 by Douglas R. Reno, 5 months ago

Resolution: fixed
Status: assigned → closed

Fixed at 8d0bd18ad54347749dec129ebae20bd15d1ec686

I filed SA-12.0-054. The attack vector would be a malicious image inside of a document.

comment:8 by Douglas R. Reno, 4 months ago

The security advisory needs to be updated. Two additional vulnerabilities were fixed - CVE-2023-6185 and CVE-2023-6186.

comment:9 by Douglas R. Reno, 4 months ago

CVE-2023-6185: LibreOffice supports embedded videos in file formats via platform audio/video support. Typically under Linux this is via gstreamer. In affected versions of LibreOffice the filename of the embedded video is not sufficiently escaped when passed to gstreamer, enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.

CVE-2023-6186: LibreOffice supports hyperlinks. In addition to the typical common protocols such as http/https, hyperlinks can also have target URLs that can launch built-in macros or dispatch built-in internal commands. In affected versions of LibreOffice there are scenarios where these can be executed without warning if the user activates such hyperlinks. In later versions the user's explicit macro execution permissions for the document are now consulted if these non-typical hyperlinks can be executed. The possibility to use these variants of hyperlink targets for floating frames has been removed.

Updated SA-12.0-054 to record new details on these vulnerabilities.
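
A triage check for the CVE-2023-6186 description above, as an added example that is not part of the ticket or of LibreOffice's code: it lists link and frame targets in an ODF file whose scheme is outside a typical-protocol allowlist, so such documents can be reviewed before they are opened on an unpatched build. The allowlist, function names and sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumption: which protocols count as "typical" is local policy.
TYPICAL_SCHEMES = {"http", "https", "mailto", "ftp"}

def link_scheme(href):
    """Lowercased scheme, or '' for relative and in-document targets."""
    head, sep, _ = href.strip().partition(":")
    if not sep or any(c in head for c in "/#?"):
        return ""
    return head.lower()

def scan_odf(data):
    """Return (element, href) for every link target outside TYPICAL_SCHEMES."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in ("content.xml", "styles.xml"):
            if name not in zf.namelist():
                continue
            raw = zf.read(name)
            # stdlib ElementTree does not limit entity expansion; refuse DTDs.
            if b"<!DOCTYPE" in raw:
                raise ValueError(name + ": unexpected DOCTYPE")
            for el in ET.fromstring(raw).iter():
                href = el.get(XLINK_HREF)
                scheme = link_scheme(href) if href else ""
                if scheme and scheme not in TYPICAL_SCHEMES:
                    findings.append((el.tag.rsplit("}", 1)[-1], href))
    return findings

def build_sample():
    """Constructed sample: a minimal ODF-style zip holding three links."""
    content = (
        '<office:document-content'
        ' xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"'
        ' xmlns:text="urn:oasis:names:tc:opendocument:xmlns:text:1.0"'
        ' xmlns:draw="urn:oasis:names:tc:opendocument:xmlns:drawing:1.0"'
        ' xmlns:xlink="http://www.w3.org/1999/xlink"><office:body>'
        '<text:a xlink:href="https://example.org/">ok</text:a>'
        '<text:a xlink:href=".uno:About">click</text:a>'
        '<draw:floating-frame xlink:href="macro:///Standard.Module1.Main()"/>'
        '</office:body></office:document-content>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", content)
    return buf.getvalue()
```

A non-empty result is a prompt for manual review, not proof of malice; the element name in each finding shows whether the target sits on a text link or a floating frame.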
