[Desktop-packages] [Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

Fri, 24 Jan 2025 06:46:26 -0800 

** Description changed:

  CVE-2024-12425: "Path traversal leading to arbitrary .ttf file write"
  https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425/
  https://ubuntu.com/security/CVE-2024-12425
  
- 
  CVE-2024-12426: "URL fetching can be used to exfiltrate arbitrary INI file 
values and environment variables"
  https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426/
  https://ubuntu.com/security/CVE-2024-12426
+ 
+ 
+ focal: 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/focal-6.4
+ jammy: 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/jammy-7.3
+ noble: 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/noble-24.2

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/2095307

Title:
  CVE-2024-12425 and CVE-2024-12426

Status in libreoffice package in Ubuntu:
  Fix Released
Status in libreoffice source package in Focal:
  In Progress
Status in libreoffice source package in Jammy:
  In Progress
Status in libreoffice source package in Noble:
  In Progress
Status in libreoffice source package in Oracular:
  In Progress
Status in libreoffice source package in Plucky:
  Fix Released

Bug description:
  CVE-2024-12425: "Path traversal leading to arbitrary .ttf file write"
  https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425/
  https://ubuntu.com/security/CVE-2024-12425

  CVE-2024-12426: "URL fetching can be used to exfiltrate arbitrary INI file 
values and environment variables"
  https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426/
  https://ubuntu.com/security/CVE-2024-12426

  
  focal: 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/focal-6.4
  jammy: 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/jammy-7.3
  noble: 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/noble-24.2

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2095307/+subscriptions


-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to