Overview

File _patchinfo of Package patchinfo.12310

<patchinfo incident="12310">
  <issue tracker="bnc" id="1133534">[PPTX] SmartArt: Basic rendering of Trapezoid List</issue>
  <issue tracker="bnc" id="1141861">VUL-1: CVE-2019-9849: libreoffice: remote bullet graphics retrieved in 'stealth mode'</issue>
  <issue tracker="bnc" id="1141862">VUL-1: CVE-2019-9848: libreoffice: LibreLogo arbitrary script execution</issue>
  <issue tracker="bnc" id="1146098">VUL-0: CVE-2019-9850: libreoffice:  Insufficient url validation allowing LibreLogo script execution</issue>
  <issue tracker="bnc" id="1146105">VUL-0: CVE-2019-9851: libreoffice: LibreLogo global-event script execution</issue>
  <issue tracker="bnc" id="1146107">VUL-0: CVE-2019-9852: libreoffice:  Insufficient URL encoding flaw in allowed script location check</issue>
  <issue tracker="bnc" id="1149943">VUL-0: CVE-2019-9855: libreoffice: Windows 8.3 path equivalence handling flaw allows LibreLogo script execution</issue>
  <issue tracker="bnc" id="1149944">VUL-0: CVE-2019-9854: libreoffice: Unsafe URL assembly flaw in allowed script location check</issue>
  <issue tracker="cve" id="2019-9848"/>
  <issue tracker="cve" id="2019-9849"/>
  <issue tracker="cve" id="2019-9850"/>
  <issue tracker="cve" id="2019-9851"/>
  <issue tracker="cve" id="2019-9852"/>
  <issue tracker="cve" id="2019-9854"/>
  <issue tracker="cve" id="2019-9855"/>
  <packager>scarabeus_iv</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libreoffice</summary>
  <description>This update for libreoffice fixes the following issues:

Updated to version 6.2.7.1.

Security issues fixed:

- CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861).
- CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862).
- CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105).
- CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107).
- CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098).
- CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944).
- CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943)

Non-security issue fixed:

- SmartArt: Basic rendering of Trapezoid List (bsc#1133534).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places