[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 3792-1] libreoffice security update

Hi René,

2017-02-24 7:39 GMT+01:00 Rene Engelhard <rene@debian.org>:
> Hi,
>
> On Thu, Feb 23, 2017 at 11:13:34PM +0100, Moritz Muehlenhoff wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>>
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-3792-1                   security@debian.org
>> https://www.debian.org/security/                       Moritz Muehlenhoff
>> February 23, 2017                     https://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>>
>> Package        : libreoffice
>> CVE ID         : CVE-2017-3157
>>
>> Ben Hayak discovered that objects embedded in Writer and Calc documents
>> may result in information disclosure. Please see
>> https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
>> for additional information.
>
> I have also prepared it for wheezy-lts. Should build (my build is
> still running), basically just took the patch from Ubuntu (in contrast to
> the 4.3.3 jessie update where I needed to forward-port the backported patch ;-))
>
> See https://people.debian.org/~rene/libreoffice/3.5.4/ for source and debdiff.
>
> You could "sponsor" it like the last times or I can upload it if my build
> finishes. Whatever you prefer.

Thank you for the patch!
I will take care of the upload and the DLA like last time.

Cheers,
Balint
Reply to: