UbuntuUpdates.org

Package "libreoffice"

Name: libreoffice

Description:

office productivity suite (metapackage)

Latest version: 1:6.0.7-0ubuntu0.18.04.9
Release: bionic (18.04)
Level: updates
Repository: universe
Homepage: http://www.libreoffice.org

Links

Save this URL for the latest version of "libreoffice": https://www.ubuntuupdates.org/libreoffice


Download "libreoffice"


Other versions of "libreoffice" in Bionic

Repository Area Version
base main 1:6.0.3-0ubuntu1
base universe 1:6.0.3-0ubuntu1
security main 6.0.7-0ubuntu0.18.04.9
security universe 1:6.0.7-0ubuntu0.18.04.9
updates main 6.0.7-0ubuntu0.18.04.9
PPA: Mint Import 1:4.4.3~rc2-0ubuntu1~trusty1
PPA: Mint Import 1:5.0.3~rc2-0ubuntu1~trusty2
PPA: LibreOffice 1:6.3.1~rc2-0ubuntu0.18.04.1~lo1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1:6.0.7-0ubuntu0.18.04.9 2019-08-19 13:09:02 UTC

  libreoffice (1:6.0.7-0ubuntu0.18.04.9) bionic-security; urgency=medium

  * SECURITY UPDATE: Insufficient URL validation allowing LibreLogo script execution
    - debian/patches/CVE-2019-9850_1_2.diff: decode escape codes and ban scripts
      with "LibreLogo" anywhere in its path.
    - CVE-2019-9850
  * SECURITY UPDATE: LibreLogo global-event script execution
    - debian/patches/CVE-2019-9850_1_2.diff: catch more LibreLogo script executions
      by expanding check to global events.
    - CVE-2019-9851
  * SECURITY UPDATE: Insufficient URL encoding flaw in allowed script location check
    - debian/patches/CVE-2019-9850_1_2.diff: ensure that all URLs leaving
      scriptURI2StorageUri() are percent-encoded.
    - CVE-2019-9852

 -- Marcus Tomlinson <email address hidden> Wed, 14 Aug 2019 15:15:42 +0100

Source diff to previous version
CVE-2019-9850 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained
CVE-2019-9851 LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained
CVE-2019-9852 LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document

Version: 1:6.0.7-0ubuntu0.18.04.8 2019-07-17 20:07:27 UTC

  libreoffice (1:6.0.7-0ubuntu0.18.04.8) bionic-security; urgency=medium

  * SECURITY UPDATE: LibreLogo arbitrary script execution
    - debian/patches/CVE-2019-9848.diff: don't allow LibreLogo to be used with
      mouseover/etc dom-alike events.
    - CVE-2019-9848
  * SECURITY UPDATE: Remote bullet graphics retrieved in 'stealth mode'
    - debian/patches/CVE-2019-9849.diff: include bullet graphics in 'stealth
      mode' protection.
    - CVE-2019-9849

 -- Marcus Tomlinson <email address hidden> Tue, 16 Jul 2019 17:28:21 +0100

Source diff to previous version
CVE-2019-9848 LibreLogo arbitrary script execution
CVE-2019-9849 remote bullet graphics retrieved in 'stealth mode'

Version: 1:6.0.7-0ubuntu0.18.04.7 2019-07-02 18:07:27 UTC

  libreoffice (1:6.0.7-0ubuntu0.18.04.7) bionic; urgency=medium

  * debian/patches/cpdmgr-check-dbus-desc.diff (LP: #1798074):
    - Only create CPDManager if D-Bus descriptions present.
    - Fixes LibreOffice startup crash when CPD packages installed.

 -- Marcus Tomlinson <email address hidden> Fri, 31 May 2019 11:43:00 +0100

Source diff to previous version
1798074 LIbreoffice crashes on startup

Version: 1:6.0.7-0ubuntu0.18.04.6 2019-05-30 10:07:10 UTC

  libreoffice (1:6.0.7-0ubuntu0.18.04.6) bionic; urgency=medium

  [ Ikuya Awashiro ]
  * debian/patches/new-japanese-era-name.patch (LP: #1827451):
    Add new Japanse era name "Reiwa" support which taken from upstream:
    https://cgit.freedesktop.org/libreoffice/core/commit/?id=cacbb0faef77ae8462de9ff5c7307a6a2e28b2bb
    https://cgit.freedesktop.org/libreoffice/core/commit/?id=597c5d75b8e72d429e096535334eaac7973455ef

  [ Olivier Tilloy ]
  * debian/patches/java.vendor-Ubuntu.patch: update to also recognize
    "Private Build" as java.vendor (for custom PPA builds) (LP: #1822839)
  * debian/patches/java.vendor-Ubuntu.patch: also make jvmfwk recognize
    "Ubuntu" as java.vendor (LP: #1822839)

  [ Rene Engelhard ]
  * debian/patches/java.vendor-Debian.diff: make jvmfwk recognize "Debian"
    as java.vendor as that's what is set in openjdk 11 >= 11.0.3+4-2
    - see #926009 (closes: #926318) (LP: #1822839)
  * debian/control.gtk3.in:
    - make libreoffice-gtk3 recommend gstreamer1.0-gtk3 (LP: #1820062)

 -- Marcus Tomlinson <email address hidden> Tue, 07 May 2019 12:35:49 +0100

Source diff to previous version
1827451 Japanese new era \
1820062 LibreOffice Impress embed video problem (libreoffice-gtk3)
926318 LibreOffice does not recognize new "Debian" JDK (openjdk 11 >= 11.0.3+4-2) - Debian Bug report logs

Version: 1:6.0.7-0ubuntu0.18.04.5 2019-04-16 18:07:19 UTC

  libreoffice (1:6.0.7-0ubuntu0.18.04.5) bionic; urgency=medium

  * debian/patches/jdk-11.0.2-javadoc.diff: fix architecture-independent build
    with OpenJDK 11 (debian bug #920331)




About   -   Send Feedback to @ubuntu_updates