CVE-2023-6185 and CVE-2023-6186
Bug #2046037 reported by
Rico Tzschichholz
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libreoffice (Ubuntu) |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
| Focal |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
| Jammy |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
| Lunar |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
| Mantic |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
| Noble |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
Bug Description
CVE-2023-6185: "Improper input validation enabling arbitrary Gstreamer pipeline injection"
https:/
CVE-2023-6186: "Link targets allow arbitrary script execution"
https:/
https:/
https:/
More information will follow.
| Changed in libreoffice (Ubuntu Noble): | |
| status: | New → Fix Released |
| Changed in libreoffice (Ubuntu Mantic): | |
| status: | New → In Progress |
| Changed in libreoffice (Ubuntu Lunar): | |
| status: | New → In Progress |
| importance: | Undecided → Critical |
| Changed in libreoffice (Ubuntu Mantic): | |
| importance: | Undecided → Critical |
| Changed in libreoffice (Ubuntu Noble): | |
| importance: | Undecided → Critical |
| Changed in libreoffice (Ubuntu Jammy): | |
| importance: | Undecided → Critical |
| Changed in libreoffice (Ubuntu Focal): | |
| importance: | Undecided → Critical |
| Changed in libreoffice (Ubuntu Noble): | |
| assignee: | nobody → Rico Tzschichholz (ricotz) |
| Changed in libreoffice (Ubuntu Mantic): | |
| assignee: | nobody → Rico Tzschichholz (ricotz) |
| Changed in libreoffice (Ubuntu Lunar): | |
| assignee: | nobody → Rico Tzschichholz (ricotz) |
| description: | updated |
| Changed in libreoffice (Ubuntu Jammy): | |
| status: | New → In Progress |
| Changed in libreoffice (Ubuntu Focal): | |
| status: | New → In Progress |
| description: | updated |
| Changed in libreoffice (Ubuntu Lunar): | |
| status: | In Progress → Fix Released |
| Changed in libreoffice (Ubuntu Mantic): | |
| status: | In Progress → Fix Released |
| Changed in libreoffice (Ubuntu Jammy): | |
| assignee: | nobody → Rico Tzschichholz (ricotz) |
| Changed in libreoffice (Ubuntu Focal): | |
| assignee: | nobody → Rico Tzschichholz (ricotz) |
Revision history for this message
| Rico Tzschichholz (ricotz) wrote | #3 |
Revision history for this message
| Rico Tzschichholz (ricotz) wrote | #4 |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #5 |
Revision history for this message
| Rico Tzschichholz (ricotz) wrote | #6 |
| information type: | Private Security → Public Security |
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #7 |
| Changed in libreoffice (Ubuntu Focal): | |
| status: | In Progress → Fix Released |
| Changed in libreoffice (Ubuntu Jammy): | |
| status: | In Progress → Fix Released |
To post a comment you must log in.
Hello Rico, are these debdiffs ready to be sponsored into the -security pocket? If so, could you outline the testing that has been performed on them so far?
Is there a reason for this to remain private? both of the libreoffice links appear public now.
Thanks