[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-27 Thread Marc Deslauriers
These updates have been published. Thanks! https://ubuntu.com/security/notices/USN-7228-1 ** Changed in: libreoffice (Ubuntu Focal) Status: In Progress => Fix Released ** Changed in: libreoffice (Ubuntu Jammy) Status: In Progress => Fix Released ** Changed in: libreoffice (Ubuntu

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-24 Thread Marc Deslauriers
Thanks for these! I'll upload them for building and will release them when done. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095307 Title: CVE-2024-12425 and CVE-2024-12426 To manage notificatio

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-24 Thread Rico Tzschichholz
** Description changed: CVE-2024-12425: "Path traversal leading to arbitrary .ttf file write" https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425/ https://ubuntu.com/security/CVE-2024-12425 - CVE-2024-12426: "URL fetching can be used to exfiltrate arbitrary INI file

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-24 Thread Rico Tzschichholz
https://launchpad.net/~ricotz/+archive/ubuntu/ppa/+sourcepub/16934879/+listing- archive-extra ** Patch added: "libreoffice_6.4.7-0ubuntu0.20.04.13.diff" https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2095307/+attachment/5853641/+files/libreoffice_6.4.7-0ubuntu0.20.04.13.diff -- Y

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-24 Thread Rico Tzschichholz
https://launchpad.net/~ricotz/+archive/ubuntu/ppa/+sourcepub/16934335/+listing- archive-extra ** Changed in: libreoffice (Ubuntu Focal) Importance: Undecided => High ** Changed in: libreoffice (Ubuntu Focal) Status: New => In Progress ** Changed in: libreoffice (Ubuntu Focal) Assi

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-24 Thread Rico Tzschichholz
https://launchpad.net/~ricotz/+archive/ubuntu/ppa/+sourcepub/16934338/+listing- archive-extra ** Patch added: "libreoffice_24.2.7-0ubuntu0.24.04.2.diff" https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2095307/+attachment/5853640/+files/libreoffice_24.2.7-0ubuntu0.24.04.2.diff -- Y

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-23 Thread Rico Tzschichholz
** Patch removed: "libreoffice_24.2.7-0ubuntu0.24.04.2.diff" https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2095307/+attachment/5853491/+files/libreoffice_24.2.7-0ubuntu0.24.04.2.diff ** Changed in: libreoffice (Ubuntu Jammy) Status: New => In Progress ** Changed in: libreo

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-22 Thread Rico Tzschichholz
Test build was done at https://launchpad.net/~ricotz/+archive/ubuntu/ppa/+sourcepub/16889631/+listing- archive-extra ** Patch added: "libreoffice_24.2.7-0ubuntu0.24.04.2.diff" https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2095307/+attachment/5853491/+files/libreoffice_24.2.7-0ubun

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-20 Thread Rico Tzschichholz
** Changed in: libreoffice (Ubuntu Noble) Status: New => In Progress ** Changed in: libreoffice (Ubuntu Noble) Importance: Undecided => Critical ** Changed in: libreoffice (Ubuntu Noble) Importance: Critical => High ** Changed in: libreoffice (Ubuntu Oracular) Importance: Undecid

[Bug 2095307] Re: CVE-2024-12425 and CVE-2024-12426

2025-01-20 Thread Rico Tzschichholz
For oracular, the security no-change rebuild can be issued after the SRU was accepted into oracular-updates https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2091971 ** Changed in: libreoffice (Ubuntu Oracular) Status: New => In Progress -- You received this bug notification bec