Update LibreOffice from 6.0.0.3 to 6.0.1.1 #612

@pmenzel (Collaborator) commented Feb 11, 2018

This fixes [CVE-2018-1055][1]/[CVE-2018-6871][2]. [An exploit is available.][3]

[Description][4]:

> LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
> Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file
> URL (e.g. file://) which can be used to inject local files into the
> spreadsheet without warning the user. Subsequent formulas can operate on
> that inserted data and construct a remote URL whose path leaks the local
> data to a remote attacker.
>
> In later versions of LibreOffice without this flaw, WEBSERVICE has now
> been limited to accessing http and https URLs along with bringing
> WEBSERVICE URLs under LibreOffice Calc's link management infrastructure.

[1]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1055
[2]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
[3]: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
[4]: https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/
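
An added example, not part of this pull request or of LibreOffice's code: a defensive scan that lists the WEBSERVICE calls in an `.ods` file and marks any whose URL is not a literal http or https URL, the restriction the advisory describes. The function names (`classify`, `scan_ods`, `build_sample`) are hypothetical, the sample document is constructed, and the scan assumes formulas are stored in the `table:formula` attribute of `content.xml`.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files, prefer a hardened parser such as defusedxml

TABLE_NS = "urn:oasis:names:tc:opendocument:xmlns:table:1.0"
FORMULA_ATTR = f"{{{TABLE_NS}}}formula"
# A WEBSERVICE call; the "url" group is set only when the whole argument is one string literal.
CALL_RE = re.compile(r'WEBSERVICE\s*\(\s*(?:"(?P<url>[^"]*)"\s*\))?', re.IGNORECASE)

def classify(formula):
    """Return one (verdict, detail) pair per WEBSERVICE call in a formula string."""
    findings = []
    for m in CALL_RE.finditer(formula):
        url = m.group("url")
        if url is None:
            findings.append(("review", "URL is computed from an expression"))
        elif url.lower().startswith(("http://", "https://")):
            findings.append(("http(s)", url))
        else:
            findings.append(("non-http-scheme", url))
    return findings

def scan_ods(data):
    """Scan the bytes of an .ods file; return (formula, verdict, detail) per WEBSERVICE call."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        root = ET.fromstring(z.read("content.xml"))
    hits = []
    for el in root.iter():
        formula = el.get(FORMULA_ATTR)
        if formula:
            hits.extend((formula, v, d) for v, d in classify(formula))
    return hits

def build_sample():
    """Constructed test input: a minimal ODS-like zip with three formula cells."""
    formulas = ['of:=WEBSERVICE("file:///tmp/constructed-example.txt")',
                'of:=WEBSERVICE("https://example.com/rates.xml")', 'of:=SUM([.A1:.A3])']
    cells = "".join(f'<table:table-cell table:formula="{f.replace(chr(34), "&quot;")}"/>'
                    for f in formulas)
    xml = f'<doc xmlns:table="{TABLE_NS}"><table:table><table:table-row>{cells}</table:table-row></table:table></doc>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("content.xml", xml)
    return buf.getvalue()

if __name__ == "__main__":
    for formula, verdict, detail in scan_ods(build_sample()):
        print(f"{verdict:16} {detail}")
```

A `review` verdict means the URL is assembled from other cells or functions and cannot be judged statically, so those formulas need a manual look.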

@donald merged commit 8bdb7cc into master Feb 12, 2018

@donald deleted the update-libreoffice-from-6.0.0.3-to-6.0.1.1 branch February 14, 2018 15:05