Ubuntu
libreoffice package

CVE-2024-6472

Bug #2076130 reported by Rico Tzschichholz
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libreoffice (Ubuntu)
Fix Released
High
Unassigned
Focal
Fix Released
High
Rico Tzschichholz
Jammy
Fix Released
High
Rico Tzschichholz
Noble
Fix Released
High
Unassigned
Oracular
Fix Released
High
Unassigned
See original description

CVE References

Rico Tzschichholz (ricotz)
Changed in libreoffice (Ubuntu Oracular):
status: New → Fix Released
information type: Public → Public Security
Revision history for this message
Rico Tzschichholz (ricotz) wrote :
description: updated
Changed in libreoffice (Ubuntu Jammy):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Rico Tzschichholz (ricotz)
Changed in libreoffice (Ubuntu Focal):
assignee: nobody → Rico Tzschichholz (ricotz)
importance: Undecided → High
status: New → In Progress
Rico Tzschichholz (ricotz)
Changed in libreoffice (Ubuntu Noble):
importance: Undecided → High
Changed in libreoffice (Ubuntu Oracular):
importance: Undecided → High
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for preparing these Rico, I'll prepare the security updates!

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Hi Rico, the debdiff in comment #1 contains a patch that doesn't actually apply to jammy. Could you please fix it? Thanks!

Revision history for this message
Rico Tzschichholz (ricotz) wrote :

Hello Marc, I am sorry for the wrong patch. This should be fixed now.

Revision history for this message
Rico Tzschichholz (ricotz) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks Rico!

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice - 4:24.2.5-0ubuntu0.24.04.2

---------------
libreoffice (4:24.2.5-0ubuntu0.24.04.2) noble-security; urgency=medium

  * No-change rebuild in the -security pocket to fix CVE-2024-6472.
    (LP: #2076130)

 -- Marc Deslauriers <email address hidden> Tue, 13 Aug 2024 10:32:23 -0400

Changed in libreoffice (Ubuntu Noble):
status: New → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice - 1:6.4.7-0ubuntu0.20.04.11

---------------
libreoffice (1:6.4.7-0ubuntu0.20.04.11) focal-security; urgency=medium

  * SECURITY UPDATE: Ability to trust not validated macro signatures
    removed in high security mode (LP: #2076130)
    - debian/patches/CVE-2024-6472.patch: remove ability to trust not
      validated macro signatures in high security
    - CVE-2024-6472

 -- Rico Tzschichholz <email address hidden> Mon, 05 Aug 2024 21:28:04 +0200

Changed in libreoffice (Ubuntu Focal):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice - 1:7.3.7-0ubuntu0.22.04.6

---------------
libreoffice (1:7.3.7-0ubuntu0.22.04.6) jammy-security; urgency=medium

  * SECURITY UPDATE: Ability to trust not validated macro signatures
    removed in high security mode (LP: #2076130)
    - debian/patches/CVE-2024-6472.patch: remove ability to trust not
      validated macro signatures in high security
    - CVE-2024-6472

 -- Rico Tzschichholz <email address hidden> Mon, 05 Aug 2024 21:22:27 +0200

Changed in libreoffice (Ubuntu Jammy):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.