This bug was fixed in the package libreoffice - 4:7.6.4-0ubuntu0.23.10.1

---------------
libreoffice (4:7.6.4-0ubuntu0.23.10.1) mantic-security; urgency=medium

  * New upstream release (LP: #2044019)
  * SECURITY UPDATE: Improper input validation enabling arbitrary
    Gstreamer pipeline injection
    - CVE-2023-6185
  * SECURITY UPDATE: Link targets allow arbitrary script execution
    - CVE-2023-6186

  [ Rico Tzschichholz ]
  * debian/patches/fix-arm64-tests.diff:
    - Dropped while it got fixed upstream
  * debian/patches/fix-armhf-linker.diff:
    - Included upstream now
  * Update replace-source-sans-in-templates.diff

  [ Rene Engelhard ]
  * debian/rules:
    - readd fonts-crosextra-caladea build-dep; Cambria usage is back
    - re-enable cmis; bump libcmis build-dep to >= 0.6.1
  * debian/control.in:
    - duplicate Replaces: as Breaks: in -uiconfig-*
  * Update patches/we-dont-have-the-needed-fonts.diff and
    patches/adapt-for-new-carlito.diff

 -- Rico Tzschichholz <ric...@ubuntu.com>  Thu, 07 Dec 2023 22:10:12 +0100

** Changed in: libreoffice (Ubuntu Mantic)
   Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6185

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-6186

https://bugs.launchpad.net/bugs/2044019

Title:
  [SRU] libreoffice 7.6.4 for mantic

Status in libreoffice package in Ubuntu:
  Fix Released
Status in libreoffice source package in Mantic:
  Fix Released

Bug description:

[Impact]

  * LibreOffice 7.6.4 is in its fourth bugfix release of the 7.6 line:
    https://wiki.documentfoundation.org/ReleasePlan/7.6#7.6.4_release

  * Version 7.6.2 is currently released in mantic. For a list of fixed bugs compared to 7.6.2 see the list of bugs fixed in the release candidates of 7.6.4 (that's a total of 157 bugs):
    https://wiki.documentfoundation.org/Releases/7.6.3/RC1#List_of_fixed_bugs
    https://wiki.documentfoundation.org/Releases/7.6.3/RC2#List_of_fixed_bugs
    https://wiki.documentfoundation.org/Releases/7.6.4/RC1#List_of_fixed_bugs

    7.6.4 RC1 is identical to the 7.6.4 release

  * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes.

[Testing]

  * Upstream testing. Bugs fixed upstream typically include unit/regression tests, and the release itself is extensively exercised (both in an automated manner and manually).

  * A recent set of upstream's automated jenkins testing can be found here:
    https://ci.libreoffice.org/job/gerrit_76/1558/

  * More information about the upstream QA testing can be found here:
    * Automated tests
      https://wiki.documentfoundation.org/QA/Testing/Automated_Tests
    * Automated UI tests
      https://wiki.documentfoundation.org/Development/UITests
    * Regression tests
      https://wiki.documentfoundation.org/QA/Testing/Regression_Tests
    * Feature tests
      https://wiki.documentfoundation.org/QA/Testing/Feature_Tests

  * Launchpad testing. The libreoffice packages include autopkgtests that were run and verified as passing. Tested build can be found at
    https://launchpad.net/~ricotz/+archive/ubuntu/ppa/+sourcepub/15417677/+listing-archive-extra
    * [amd64] https://autopkgtest.ubuntu.com/results/autopkgtest-mantic-ricotz-ppa/mantic/amd64/libr/libreoffice/20231208_113305_ce7d3@/log.gz
    * [arm64] https://autopkgtest.ubuntu.com/results/autopkgtest-mantic-ricotz-ppa/mantic/arm64/libr/libreoffice/20231208_181454_f665b@/log.gz
    * [armhf] ... (autopkgtests infra problems on this arch)
    * [ppc64el] https://autopkgtest.ubuntu.com/results/autopkgtest-mantic-ricotz-ppa/mantic/ppc64el/libr/libreoffice/20231208_140510_db345@/log.gz
    * [riscv64] not available
    * [s390x] https://autopkgtest.ubuntu.com/results/autopkgtest-mantic-ricotz-ppa/mantic/s390x/libr/libreoffice/20231208_142154_9eaf6@/log.gz

  * General smoke testing of all the applications in the office suite was carried out by going through the manual testplan as documented by:
    https://wiki.ubuntu.com/Process/Merges/TestPlans/libreoffice

[Regression Potential]

  * A minor release with a total of 157 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed.

  * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in.