File _patchinfo of Package patchinfo.12309

<patchinfo incident="12309">
  <issue tracker="bnc" id="1146098">VUL-0: CVE-2019-9850: libreoffice:  Insufficient url validation allowing LibreLogo script execution</issue>
  <issue tracker="bnc" id="1141861">VUL-1: CVE-2019-9849: libreoffice: remote bullet graphics retrieved in 'stealth mode'</issue>
  <issue tracker="bnc" id="1141862">VUL-1: CVE-2019-9848: libreoffice: LibreLogo arbitrary script execution</issue>
  <issue tracker="bnc" id="1133534">[PPTX] SmartArt: Basic rendering of Trapezoid List</issue>
  <issue tracker="bnc" id="1146107">VUL-0: CVE-2019-9852: libreoffice:  Insufficient URL encoding flaw in allowed script location check</issue>
  <issue tracker="bnc" id="1146105">VUL-0: CVE-2019-9851: libreoffice: LibreLogo global-event script execution</issue>
  <issue tracker="cve" id="2019-9850"/>
  <issue tracker="cve" id="2019-9851"/>
  <issue tracker="cve" id="2019-9852"/>
  <issue tracker="cve" id="2019-9849"/>
  <issue tracker="cve" id="2019-9848"/>
  <category>security</category>
  <rating>important</rating>
  <packager>scarabeus_iv</packager>
  <description>This update for libreoffice fixes the following issues:

Security issues fixed:

- CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861).
- CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862).
- CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105).
- CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107).
- CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098).

Non-security issue fixed:

- SmartArt: Basic rendering of Trapezoid List (bsc#1133534)
</description>
  <summary>Security update for libreoffice</summary>
</patchinfo>