From 539507389c94b6feeb78f674acbf1bf8ce20ef79 Mon Sep 17 00:00:00 2001 From: Paul Menzel Date: Sat, 10 Feb 2018 11:43:38 +0100 Subject: [PATCH] libreoffice: Update version from 6.0.0.3 to 6.0.1.1 This fixes [CVE-2018-1055][1]/[CVE-2018-6871][2]. [An exploit is available.][3]. [Description][4]: > LibreOffice Calc supports a WEBSERVICE function to obtain data by URL. > Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file > URL (e.g file://) which can be used to inject local files into the > spreadsheet without warning the user. Subsequent formulas can operate on > that inserted data and construct a remote URL whose path leaks the local > data to a remote attacker. > > In later versions of LibreOffice without this flaw, WEBSERVICE has now > been limited to accessing http and https URLs along with bringing > WEBSERVICE URLs under LibreOffice Calc's link management infrastructure. [1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1055 [2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871 [3]: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure [4]: https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/ --- libreoffice.be0 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libreoffice.be0 b/libreoffice.be0 index 9fb8ed82e..5e9ad3a46 100755 --- a/libreoffice.be0 +++ b/libreoffice.be0 @@ -1,6 +1,6 @@ #!/usr/bin/env beesh -# BEE_VERSION libreoffice-6.0.0.3-0 +# BEE_VERSION libreoffice-6.0.1.1-0 ## this file was created by bee init and should be executed to build a ## bee-package. (Additional hints are located at the end of this file.)