** Description changed: CVE-2024-12425: "Path traversal leading to arbitrary .ttf file write" https://www.libreoffice.org/about-us/security/advisories/cve-2024-12425/ https://ubuntu.com/security/CVE-2024-12425 - CVE-2024-12426: "URL fetching can be used to exfiltrate arbitrary INI file values and environment variables" https://www.libreoffice.org/about-us/security/advisories/cve-2024-12426/ https://ubuntu.com/security/CVE-2024-12426 + + + focal: https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/focal-6.4 + jammy: https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/jammy-7.3 + noble: https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/noble-24.2
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2095307 Title: CVE-2024-12425 and CVE-2024-12426 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2095307/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
