desktop-packages team mailing list archive

Thread
Date

[Bug 1441224] Re: CVE-2015-1774

To: desktop-packages@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Mon, 27 Apr 2015 11:47:16 -0000
Reply-to: Bug 1441224 <1441224@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Information type changed from Private Security to Public Security

** Also affects: libreoffice (Ubuntu Utopic)
   Importance: Undecided
       Status: New

** Also affects: libreoffice (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: libreoffice (Ubuntu Vivid)
   Importance: High
     Assignee: Björn Michaelsen (bjoern-michaelsen)
       Status: In Progress

** Also affects: libreoffice (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: libreoffice (Ubuntu Precise)
       Status: New => Confirmed

** Changed in: libreoffice (Ubuntu Trusty)
       Status: New => Confirmed

** Changed in: libreoffice (Ubuntu Utopic)
       Status: New => Confirmed

** Changed in: libreoffice (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libreoffice (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libreoffice (Ubuntu Utopic)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libreoffice (Ubuntu Vivid)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to libreoffice in Ubuntu.
https://bugs.launchpad.net/bugs/1441224

Title:
  CVE-2015-1774

Status in libreoffice package in Ubuntu:
  Fix Released
Status in libreoffice source package in Precise:
  Confirmed
Status in libreoffice source package in Trusty:
  Confirmed
Status in libreoffice source package in Utopic:
  Confirmed
Status in libreoffice source package in Vivid:
  Fix Released

Bug description:
  Disclosure date is targeted: 2015-04-25

  U-Series:
      Upstream master has the fix as commit f974db5d89eacf0c23e303c22c62972014e9db16. The fix can be found on branches with "git log --grep I69ab0ca9c017c9a1c10d18fd850f32a92c641d12".

  Vivid:
      Upstream LibreOffice 4.4.2 has the fix as bddab9a94f84e4067ca268c67df1b8708d3eea23, Ubuntu vivid package is already available at https://launchpad.net/~libreoffice/+archive/ubuntu/ppa/+packages

  Utopic:
       Upstream version LibreOffice 4.3.7 will have the fix as f2d49715c176c80c4b0fa3a7799d610eb5afec88 => thus needs SRU for utopic https://wiki.documentfoundation.org/ReleasePlan/4.3#4.3.7_release

  Trusty:
       LibreOffice 4.2 is EOL upstream, thus needs manual backport of patch on top of LibreOffice 4.2.8 as in trusty-proposed

  Precise:
       LibreOffice 3.5 is EOL upstream, thus needs manual backport of patch on top of LibreOffice 3.5.7

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/1441224/+subscriptions