UbuntuUpdates.org

Package "libreoffice-l10n-kmr"

Name: libreoffice-l10n-kmr

Description:

office productivity suite -- Kurmanji language package

Latest version: 1:6.4.7-0ubuntu0.20.04.6
Release: focal (20.04)
Level: updates
Repository: main
Head package: libreoffice
Homepage: http://www.libreoffice.org

Links


Download "libreoffice-l10n-kmr"


Other versions of "libreoffice-l10n-kmr" in Focal

Repository Area Version
base main 1:6.4.2-0ubuntu3
security main 1:6.4.7-0ubuntu0.20.04.6
backports main 1:7.3.7-0ubuntu0.22.04.1~bpo20.04.1
PPA: LibreOffice 1:7.4.2~rc3-0ubuntu0.20.04.1~lo1

Changelog

Version: 1:6.4.7-0ubuntu0.20.04.6 2022-10-20 16:07:26 UTC

  libreoffice (1:6.4.7-0ubuntu0.20.04.6) focal-security; urgency=medium

  * SECURITY UPDATE: arbitrary script execution via Office URI Schemes
    - debian/patches/CVE-2022-3140-1.patch: commands are always URLs in
      wizards/source/access2base/DoCmd.xba.
    - debian/patches/CVE-2022-3140-2.patch: filter out unwanted command
      URIs in desktop/source/app/cmdlineargs.cxx.
    - debian/patches/CVE-2022-3140-3.patch: check IFrame FrameURL target in
      sfx2/source/appl/macroloader.cxx, sfx2/source/doc/iframe.cxx,
      sfx2/source/inc/macroloader.hxx, sw/source/filter/html/htmlplug.cxx,
      sw/source/filter/xml/xmltexti.cxx.
    - debian/patches/CVE-2022-3140-4.patch: check impress/calc IFrame
      FrameURL target in xmloff/source/draw/ximpshap.cxx.
    - CVE-2022-3140

 -- Marc Deslauriers <email address hidden> Fri, 14 Oct 2022 08:58:04 -0400

Source diff to previous version
CVE-2022-3140 LibreOffice supports Office URI Schemes to enable browser integration of LibreOffice with MS SharePoint server. An additional scheme 'vnd.libreoffice

Version: 1:6.4.7-0ubuntu0.20.04.5 2022-10-06 16:06:21 UTC

  libreoffice (1:6.4.7-0ubuntu0.20.04.5) focal-security; urgency=medium

  * SECURITY UPDATE: Improper Certificate Validation vulnerability
    - debian/patches/CVE-2022-26305.patch: compare authors using Thumbprint
      in xmlsecurity/source/component/documentdigitalsignatures.cxx.
    - CVE-2022-26305
  * SECURITY UPDATE: stored passwords IV always the same
    - debian/patches/CVE-2022-26306.patch: add Initialization Vectors to
      password storage in
      officecfg/registry/schema/org/openoffice/Office/Common.xcs,
      svl/source/passwordcontainer/passwordcontainer.cxx,
      svl/source/passwordcontainer/passwordcontainer.hxx.
    - CVE-2022-26306
  * SECURITY UPDATE: password storage master key weak entropy
    - debian/patches/CVE-2022-26307-1.patch: make hash encoding match
      decoding in
      officecfg/registry/schema/org/openoffice/Office/Common.xcs,
      svl/source/passwordcontainer/passwordcontainer.cxx,
      svl/source/passwordcontainer/passwordcontainer.hxx,
      uui/source/iahndl-authentication.cxx.
    - debian/patches/CVE-2022-26307-2.patch: add infobar to prompt to
      refresh to replace old format in include/sfx2/strings.hrc,
      include/sfx2/viewfrm.hxx, sfx2/source/view/viewfrm.cxx.
    - CVE-2022-26307

 -- Marc Deslauriers <email address hidden> Thu, 29 Sep 2022 08:40:35 -0400

Source diff to previous version
CVE-2022-26305 An Improper Certificate Validation vulnerability in LibreOffice existed where determining if a macro was signed by a trusted author was done by only
CVE-2022-26306 LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a sin
CVE-2022-26307 LibreOffice supports the storage of passwords for web connections in the user’s configuration database. The stored passwords are encrypted with a sin

Version: 1:6.4.7-0ubuntu0.20.04.4 2022-03-15 20:07:28 UTC

  libreoffice (1:6.4.7-0ubuntu0.20.04.4) focal-security; urgency=medium

  * SECURITY UPDATE: Improper certificate validation
    - debian/patches/CVE-2021-25636.patch: only use X509Data in
      xmlsecurity/inc/xmlsec-wrapper.h,
      xmlsecurity/source/xmlsec/mscrypt/xmlsignature_mscryptimpl.cxx,
      xmlsecurity/source/xmlsec/nss/xmlsignature_nssimpl.cxx.
    - CVE-2021-25636
  * debian/rules: limit NUM_CPUS to 3 on amd64 to fix FTBFS.

 -- Marc Deslauriers <email address hidden> Mon, 14 Mar 2022 11:28:35 -0400

Source diff to previous version
CVE-2021-25636 LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occur

Version: 1:6.4.7-0ubuntu0.20.04.2 2021-11-22 15:06:41 UTC

  libreoffice (1:6.4.7-0ubuntu0.20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Improper certificate validation
    - debian/patches/CVE-2021-2563x-*.patch: multiple commits to fix
      security issues.
    - CVE-2021-25633
    - CVE-2021-25634

 -- Marc Deslauriers <email address hidden> Tue, 16 Nov 2021 12:42:50 -0500

Source diff to previous version
CVE-2021-25633 LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occur
CVE-2021-25634 LibreOffice supports digital signatures of ODF documents and macros within documents, presenting visual aids that no alteration of the document occur

Version: 1:6.4.7-0ubuntu0.20.04.1 2021-04-15 11:06:22 UTC

  libreoffice (1:6.4.7-0ubuntu0.20.04.1) focal; urgency=medium

  * New upstream release (LP: #1906684)
  * Move libreoffice-sdbc-hsqldb to Recommends (LP: #1916786)
  * Fix Calc crash in ScSelectionTransferObj (LP: #1897784)

 -- Rico Tzschichholz <email address hidden> Mon, 15 Mar 2021 19:12:01 +0100

1906684 [SRU] libreoffice 6.4.7 for Focal
1916786 weak dependency to libreoffice-sdbc-hsqldb
1897784 /usr/lib/libreoffice/program/soffice.bin:11:ScSelectionTransferObj::~ScSelectionTransferObj:ScSelectionTransferObj::~ScSelectionTransferObj:com::sun:



About   -   Send Feedback to @ubuntu_updates