libreoffice-still

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	LibreOffice maintenance branch
Version	7.6.6-3 [extra-testing] 7.6.6-2 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2807	7.3.5-3	7.3.6-1	Unknown	Fixed
AVG-2784	7.2.6-3	7.2.7-1	Unknown	Fixed
AVG-1184	6.3.6-2	6.4.6-1	Medium	Fixed
AVG-1010	6.1.6-2	6.2.6-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2022-26307	AVG-2784	Unknown	Unknown	Unknown	Unknown
CVE-2022-26306	AVG-2784	Unknown	Unknown	Unknown	Unknown
CVE-2022-26305	AVG-2784	Unknown	Unknown	Unknown	Unknown
CVE-2022-3140	AVG-2807	Unknown	Unknown	Unknown	links using that scheme could be constructed to call internal macros with arbitrary arguments. Which when clicked on, or activated by document events, could...
CVE-2020-12803	AVG-1184	Medium	Yes	Arbitrary file overwrite	ODF documents can contain forms to be filled out by the user. Similar to HTML forms, the contained form data can be submitted to a URI, for example, to an...
CVE-2020-12802	AVG-1184	Low	Yes	Access restriction bypass	LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the...
CVE-2019-9849	AVG-1010	Medium	Yes	Information disclosure	LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the...
CVE-2019-9848	AVG-1010	High	Yes	Arbitrary command execution	An issue has been found in LibreOffice before 6.2.5, where documents can specify that pre-installed scripts can be executed on various document events such...

Advisories

Date	Advisory	Group	Severity	Type
16 Aug 2019	ASA-201908-9	AVG-1010	High	multiple issues