** Changed in: libreoffice (Ubuntu Noble)
Status: New => In Progress
** Changed in: libreoffice (Ubuntu Noble)
Importance: Undecided => Critical
** Changed in: libreoffice (Ubuntu Noble)
Importance: Critical => High
** Changed in: libreoffice (Ubuntu Oracular)
Importance: Undecided => High
** Changed in: libreoffice (Ubuntu Noble)
Assignee: (unassigned) => Rico Tzschichholz (ricotz)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/2095307
Title:
CVE-2024-12425 and CVE-2024-12426
Status in libreoffice package in Ubuntu:
Fix Released
Status in libreoffice source package in Focal:
New
Status in libreoffice source package in Jammy:
New
Status in libreoffice source package in Noble:
In Progress
Status in libreoffice source package in Oracular:
In Progress
Status in libreoffice source package in Plucky:
Fix Released
Bug description:
CVE-2024-12425: "Path traversal leading to arbitrary .ttf file write"
https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425/
https://ubuntu.com/security/CVE-2024-12425
CVE-2024-12426: "URL fetching can be used to exfiltrate arbitrary INI file
values and environment variables"
https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426/
https://ubuntu.com/security/CVE-2024-12426
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2095307/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
