[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[libreoffice-users] Re: Security Problema CVE-2019-9848 e CVE-2019-9848 and patch for Fresh not for Steel


ANDREA FERRARIS wrote
> Sorry for the wrong language, here You are the translation:
>
> I think it's been known for weeks, published about a month ago and
> rather serious because it allows the arbitrary execution of python
> scripts without the user's knowledge when opening a malicious document.
>
> The solution provided is the upgrade to version 6.2.5, which however
> does not seem optimal, since it is the Fresh version of development,
> whereas if one wanted to remain on the production one, Steel 6.1.X, how
> he should do?
>
> Greetings,
>
>
>> Andrea Ferraris
>>


CVE-2019-9847 , CVE-2019-9848, and CVE-2019-9849 have all be corrected by
TDF for current "Fresh" 6.3.0 and "Still" 6.2.5 release builds. Follow the
TDF Discuss mail list
<https://listarchives.documentfoundation.org/www/discuss/> for any
security related issues.

Otherwise, sorry but the 6.1 branch is not supported by TDF, it is
End-of-Life effective 2019-05-29

The 6.3 branch was released 2019-08-08 and its 6.3.0 build is current
"Fresh" release

The 6.2 branch has now become the "Still" branch, with the patched 6.2.5
release available (and the 6.2.6 release candidate already built and
available for testing).

Meaning that either users Linux distro must update their packaging, or
users must seek 3rd party support to continue to use a 6.1 or pre 6.2.5
build of LibreOffice.

But again this belongs on the Discuss mail list.






--
Sent from: http://document-foundation-mail-archive.969070.n3.nabble.com/Users-f1639498.html

--
To unsubscribe e-mail to: users+unsubscribe@global.libreoffice.org
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.libreoffice.org/global/users/
Privacy Policy: https://www.documentfoundation.org/privacy

References:
[libreoffice-users] Problema sicurezza CVE-2019-9848 e CVE-2019-9848 e patch per Fresh non per SteelAndrea Ferraris - Comune di Cossato <andrea.ferraris@comune.cossato.bi.it>
Re: [libreoffice-users] Security Problema CVE-2019-9848 e CVE-2019-9848 and patch for Fresh not for SteelAndrea Ferraris - Comune di Cossato <andrea.ferraris@comune.cossato.bi.it>
Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.