Package "libreoffice-librelogo"

Name: libreoffice-librelogo


Logo-like progamming language for LibreOffice

Latest version: 1:4.2.8-0ubuntu5.5
Release: trusty (14.04)
Level: security
Repository: universe
Head package: libreoffice
Homepage: http://www.libreoffice.org


Download "libreoffice-librelogo"

Other versions of "libreoffice-librelogo" in Trusty

Repository Area Version
base universe 1:4.2.3~rc3-0ubuntu2
updates universe 1:4.2.8-0ubuntu5.5
PPA: LibreOffice 1:6.1.5~rc2-0ubuntu0.14.04.1~lo3


Version: 1:4.2.8-0ubuntu5.5 2019-02-06 16:08:01 UTC

  libreoffice (1:4.2.8-0ubuntu5.5) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect integer data type in StgSmallStrm class
    - debian/patches/CVE-2018-10119.patch: use short->sal_Int32 like in
      StgDataStrm in sot/source/sdstor/stgstrms.cxx.
    - CVE-2018-10119
  * SECURITY UPDATE: heap-based buffer overflow in SwCTBWrapper::Read
    - debian/patches/CVE-2018-10120.patch: check index before use in
    - CVE-2018-10120
  * SECURITY UPDATE: information disclosure vulnerability via SMB link
    - debian/patches/CVE-2018-10583.patch: set Referer on link
      mediadescriptor in sw/source/filter/xml/xmltexti.cxx.
    - CVE-2018-10583
  * SECURITY UPDATE: overflow during string length calculation
    - debian/patches/CVE-2018-11790.patch: fix indexes in
    - CVE-2018-11790
  * SECURITY UPDATE: Directory traversal flaw in script execution
    - debian/patches/CVE-2018-16858.patch: keep pyuno script processing
      below base uri in scripting/source/pyprov/pythonscript.py.
    - CVE-2018-16858

 -- Marc Deslauriers <email address hidden> Mon, 28 Jan 2019 12:07:29 -0500

Source diff to previous version
CVE-2018-10119 sot/source/sdstor/stgstrms.cxx in LibreOffice before and 6.x before uses an incorrect integer data type in the StgSmallStrm class, wh
CVE-2018-10120 The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx in LibreOffice before and 6.x before does not validate a custo
CVE-2018-10583 An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB co
CVE-2018-11790 When loading a document with Apache Open Office 4.1.5 and earlier with smaller end line termination than the operating system uses, the defect occurs
CVE-2018-16858 Remote Code Execution via Macro/Event execution

Version: 1:4.2.8-0ubuntu5.3 2018-02-21 21:09:19 UTC

  libreoffice (1:4.2.8-0ubuntu5.3) trusty-security; urgency=medium

  * SECURITY UPDATE: remote arbitrary file disclosure vulnerability using
    - debian/patches/CVE-2018-6871.patch: limit WEBSERVICE to http[s]
    - CVE-2018-6871
  * SECURITY UPDATE: use-after-free in SwRootFrame
    - debian/patches/layout-footnote-use-after-free.diff: fix layout
      footnote use-after-free in SwRootFrame.
    - No CVE number.

 -- Olivier Tilloy <email address hidden> Mon, 19 Feb 2018 14:17:49 +0100

Source diff to previous version
CVE-2018-6871 LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers to read arbitrary files via =WEBSERVICE calls in a document, which use the COM.

Version: 1:4.2.8-0ubuntu5.2 2017-11-02 14:06:34 UTC

  libreoffice (1:4.2.8-0ubuntu5.2) trusty-security; urgency=medium

  * SECURITY UPDATE: Out-of-Bounds Write in Impress' PPT Filter
    - debian/patches/CVE-2017-12607.patch: limit PPT levels in
    - CVE-2017-12607
  * SECURITY UPDATE: Out-of-Bounds Write in Writer's ImportOldFormatStyles
    - debian/patches/CVE-2017-12608.patch: check sizes in
    - CVE-2017-12608

 -- Marc Deslauriers <email address hidden> Wed, 01 Nov 2017 08:24:05 -0400

Source diff to previous version

Version: 1:4.2.8-0ubuntu5.1 2017-05-02 19:07:02 UTC

  libreoffice (1:4.2.8-0ubuntu5.1) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in tools::Polygon::Insert function
    - debian/patches/CVE-2017-7870.patch: check if ImplSplit succeeded in
      tools/inc/poly.h, tools/source/generic/poly.cxx.
    - CVE-2017-7870

 -- Marc Deslauriers <email address hidden> Fri, 28 Apr 2017 10:47:51 -0400

Source diff to previous version
CVE-2017-7870 LibreOffice before 2017-01-02 has an out-of-bounds write caused by a heap-based buffer overflow related to the tools::Polygon::Insert function in too

Version: 1:4.2.8-0ubuntu5 2017-02-23 16:06:54 UTC

  libreoffice (1:4.2.8-0ubuntu5) trusty-security; urgency=medium

  * SECURITY UPDATE: arbitrary file read via link update
    - debian/patches/olefix.diff
    - CVE-2017-3157

 -- Bjoern Michaelsen <email address hidden> Mon, 21 Nov 2016 13:37:38 +0100

About   -   Send Feedback to @ubuntu_updates