Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > linux.debian.bugs.dist > #1292743

Bug#1135965: bookworm-pu: package libreoffice/4:7.4.7-1+deb12u12

From Rene Engelhard <rene@debian.org>
Newsgroups linux.debian.bugs.dist, linux.debian.devel.release
Subject Bug#1135965: bookworm-pu: package libreoffice/4:7.4.7-1+deb12u12
Date 2026-05-07 23:20 +0200
Message-ID <MSeit-3nED-3@gated-at.bofh.it> (permalink)
Organization linux.* mail to news gateway

Cross-posted to 2 groups.

Show all headers | View raw

[Multipart message — attachments visible in raw view] - view raw

Package: release.debian.org
Severity: normal
Tags: bookworm
X-Debbugs-Cc: libreoffice@packages.debian.org, rene@debian.org
Control: affects -1 + src:libreoffice
User: release.debian.org@packages.debian.org
Usertags: pu

Hi,

it was discovered that

libreoffice (4:7.4.7-1+deb12u6) bookworm-security; urgency=medium

  * debian/patches/be-coservative-about-allowed-font-names.diff: as name says
    (CVE-2024-12425)
  * debian/patches/consider-VndSunStarExpand-an-exotic-protocol.diff
    debian/patches/look-at-embedded-protocols-too.diff: add patches for
    CVE-2024-12426 from upstream "co-22-05" branch

 -- Rene Engelhard <rene@debian.org>  Sat, 18 Jan 2025 13:30:17 +0100

back then (https://security-tracker.debian.org/tracker/CVE-2024-12426).

didn't fix all cases because I apparently missed an upstream patch in
the series.

The security team suggests to fix this with next weeks point release.

[ Tests ]
There is a test added in the code, just test building

[ Risks ]
Is already upstream for ages so no risk. And it has a test...

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

[ Changes ]
Add the patch from https://gerrit.libreoffice.org/c/core/+/178166

Diff attached. For bookworm of course s/bookworm-security//

Regards,

Rene

Back to linux.debian.bugs.dist | Previous | NextNext in thread | Find similar

Thread

Bug#1135965: bookworm-pu: package libreoffice/4:7.4.7-1+deb12u12 Rene Engelhard <rene@debian.org> - 2026-05-07 23:20 +0200
  Bug#1135965: bookworm-pu: package libreoffice/4:7.4.7-1+deb12u12 Jonathan Wiltshire <jmw@debian.org> - 2026-05-07 23:30 +0200
    Bug#1135965: bookworm-pu: package libreoffice/4:7.4.7-1+deb12u12 Rene Engelhard <rene@debian.org> - 2026-05-08 05:20 +0200
  Bug#1135965: libreoffice 7.4.7-1+deb12u12 flagged for acceptance Adam D Barratt <adam@adam-barratt.org.uk> - 2026-05-08 12:50 +0200

csiph-web