File _patchinfo of Package patchinfo.31324

<patchinfo incident="31324">
  <issue tracker="jsc" id="PED-5199"/>
  <issue tracker="jsc" id="PED-6799"/>
  <issue tracker="jsc" id="PED-6800"/>
  <issue tracker="bnc" id="1209243">VUL-0: libreoffice: arbitrary file write via hsqldb script</issue>
  <issue tracker="bnc" id="1215595">LO Draw: does NOT launch when LO 7.5 or 7.6 from OBS or 7.6 from Leap, but does WORK when 7.4 from OBS</issue>
  <issue tracker="bnc" id="1212444">VUL-0: CVE-2023-1183: libreoffice: Arbitrary File Write in LibreOffice Base</issue>
  <issue tracker="cve" id="2023-1183"/>
  <packager>dspinella</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for libreoffice</summary>
  <description>This update for fixes the following issues:

libreoffice was updated rom 7.5.4.1 to 7.6.2.1 (jsc#PED-6799, jsc#PED-6800):

- For the highlights of changes of version 7.6 please consult the official release notes:

  * https://wiki.documentfoundation.org/ReleaseNotes/7.6

- You can check for each minor release notes here:

  * https://wiki.documentfoundation.org/Releases/7.6.2/RC1
  * https://wiki.documentfoundation.org/Releases/7.6.1/RC2
  * https://wiki.documentfoundation.org/Releases/7.6.1/RC1
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC3
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC2
  * https://wiki.documentfoundation.org/Releases/7.6.0/RC1

- Security issues fixed:

  * CVE-2023-1183: Fixed arbitrary file write in LibreOffice Base (bsc#1212444, bsc#1209243)

- Updated bundled dependencies:

  * boost version update from 1_80_0 to 1_82_0
  * curl version update from 8.0.1 to 8.2.1
  * icu4c-data version update from 72_1 to 73_2
  * icu4c version update from 72_1 to 73_2
  * pdfium version update from 5408 to 5778
  * poppler version update from 22.12.0 to 23.06.0
  * poppler-data version update from 0.4.11 to 0.4.12
  * skia version from m103-b301ff025004c9cd82816c86c547588e6c24b466 to 
    skia-m111-a31e897fb3dcbc96b2b40999751611d029bf5404

- New bundled dependencies:

  * graphite2-minimal-1.3.14.tgz
  * harfbuzz-8.0.0.tar.xz

- New build dependencies:

  * frozen-devel
  * liborcus-0_18-0
  * libixion
  * mdds-2_1

- New runtime dependencies:

  * `libreoffice-draw` requires `libreoffice-impress` (bsc#1215595)

frozen was implemented:

- New Libreoffice package dependency

libixion was updated to version 0.18.1:
    
- Updated to 0.18.1:

  * Fixed a 32-bit Linux build issue as discovered on Debian, due to a clash on
    two 32-bit unsigned integer types being used with std::variant.

- Updated to 0.18.0:

  * Removed the formula_model_access interface from model_context, and switched
    to using model_context directly everywhere.
  * Revised formula_tokens_t type to remove use of std::unique_ptr for each
    formula_token instance.  This should improve memory locality when
    iterating through an array of formula token values.  A similar change has
    also been made to lexer_tokens_t and lexer_token types.
  * Added 41 built-in functions
  * Added support for multi-sheet references in Excel A1 and Excel R1C1
    grammers.

liborcus was updated to version 0.18.1:

- Updated to 0.18.1:

  * sax parser:

    + added support for optionally skipping multiple BOM's in the beginning of
      XML stream.  This affects all XML-based file format filters such as
      xls-xml (aka Excel 2003 XML).

  * xml-map:

    + fixed a bug where an XML document consisting of simple single-column
      records were not properly converted to sheet data

  * xls-xml:

    + fixed a bug where the filter would always pass border color even when it
      was not set

  * buildsystem:

    + added new configure switches --without-benchmark and --without-doc-example
      to optinally skip building of these two directories

mdds-2_1 was implemented:

- New Libreoffice package dependency

</description>
</patchinfo>