Hello Emilio, as the libreoffice entry is the oldest one without update[1] I decided to take a look at the issues (even though it's assigned to you).
For CVE-2017-12607 I believe that wheezy is not affected as the patch shown below merely ensures that nLevelAnz does not overflow nMaxPPTLevels (= 5). https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1 And in the wheezy code, we already have such a check (line 4112 of filter/source/msfilter/svdfppt.cxx): sal_uInt16 nLevelAnz; rIn >> nLevelAnz; if ( nLevelAnz > 5 ) { OSL_FAIL( "PPTStyleSheet::Ppt-TextStylesheet hat mehr als 5 Ebenen! (SJ)" ); nLevelAnz = 5; } For CVE-2017-12608, the problem seems to exist as the code is very close. Applying/backporting the patch looks trivial. Furthermore in both cases, the commit contains a test file that could be used to (at least manually) verify the fix. I don't really see why this update has been stalled for so long. Please go ahead with the update or unlock the package so that someone else can take over. Cheers, [1] As shown by bin/review-update-needed --lts: Package: libreoffice Claimed-By: Emilio Pozuelo Claimed-Date: 2017-05-31 17:29 (166 days ago) -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
