Skip to content

Commit

Permalink
libreoffice: Update version from 6.0.0.3 to 6.0.1.1
Browse files Browse the repository at this point in the history 
This fixes [CVE-2018-1055][1]/[CVE-2018-6871][2]. [An exploit is available.][3].

[Description][4]:

> LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
> Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file
> URL (e.g file://) which can be used to inject local files into the
> spreadsheet without warning the user. Subsequent formulas can operate on
> that inserted data and construct a remote URL whose path leaks the local
> data to a remote attacker.
>
> In later versions of LibreOffice without this flaw, WEBSERVICE has now
> been limited to accessing http and https URLs along with bringing
> WEBSERVICE URLs under LibreOffice Calc's link management infrastructure.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1055
[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
[3]: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
[4]: https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/
  • Loading branch information
@pmenzel
pmenzel committed Feb 11, 2018
1 parent 8f88141 commit 5395073
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion libreoffice.be0
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/usr/bin/env beesh

# BEE_VERSION libreoffice-6.0.0.3-0
# BEE_VERSION libreoffice-6.0.1.1-0

## this file was created by bee init and should be executed to build a
## bee-package. (Additional hints are located at the end of this file.)
Expand Down

0 comments on commit 5395073

Please sign in to comment.