CVE-2023-6185 and CVE-2023-6186
Bug #2046037 reported by
Rico Tzschichholz
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libreoffice (Ubuntu) |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
Focal |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
Jammy |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
Lunar |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
Mantic |
Fix Released
|
Critical
|
Rico Tzschichholz | ||
Noble |
Fix Released
|
Critical
|
Rico Tzschichholz |
Bug Description
CVE-2023-6185: "Improper input validation enabling arbitrary Gstreamer pipeline injection"
https:/
CVE-2023-6186: "Link targets allow arbitrary script execution"
https:/
https:/
https:/
More information will follow.
Changed in libreoffice (Ubuntu Noble): | |
status: | New → Fix Released |
Changed in libreoffice (Ubuntu Mantic): | |
status: | New → In Progress |
Changed in libreoffice (Ubuntu Lunar): | |
status: | New → In Progress |
importance: | Undecided → Critical |
Changed in libreoffice (Ubuntu Mantic): | |
importance: | Undecided → Critical |
Changed in libreoffice (Ubuntu Noble): | |
importance: | Undecided → Critical |
Changed in libreoffice (Ubuntu Jammy): | |
importance: | Undecided → Critical |
Changed in libreoffice (Ubuntu Focal): | |
importance: | Undecided → Critical |
Changed in libreoffice (Ubuntu Noble): | |
assignee: | nobody → Rico Tzschichholz (ricotz) |
Changed in libreoffice (Ubuntu Mantic): | |
assignee: | nobody → Rico Tzschichholz (ricotz) |
Changed in libreoffice (Ubuntu Lunar): | |
assignee: | nobody → Rico Tzschichholz (ricotz) |
description: | updated |
Changed in libreoffice (Ubuntu Jammy): | |
status: | New → In Progress |
Changed in libreoffice (Ubuntu Focal): | |
status: | New → In Progress |
description: | updated |
Changed in libreoffice (Ubuntu Lunar): | |
status: | In Progress → Fix Released |
Changed in libreoffice (Ubuntu Mantic): | |
status: | In Progress → Fix Released |
Changed in libreoffice (Ubuntu Jammy): | |
assignee: | nobody → Rico Tzschichholz (ricotz) |
Changed in libreoffice (Ubuntu Focal): | |
assignee: | nobody → Rico Tzschichholz (ricotz) |
To post a comment you must log in.
Hello Rico, are these debdiffs ready to be sponsored into the -security pocket? If so, could you outline the testing that has been performed on them so far?
Is there a reason for this to remain private? both of the libreoffice links appear public now.
Thanks