Ubuntu
libreoffice package

[SRU] libreoffice 5.4.4 for artful

  1. Artful (17.10)
  2. Bug #1746757
Bug #1746757 reported by Olivier Tilloy
14
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libreoffice (Ubuntu)
Fix Released
Low
Unassigned
Artful
Fix Released
High
Unassigned
libreoffice-l10n (Ubuntu)
Fix Released
Low
Unassigned
Artful
Fix Released
High
Unassigned

Bug Description

[Impact]

 * LibreOffice 5.4.4 is the fourth bugfix release of the still 5.4 line. Version 5.4.2 is currently in 17.10.
   For a list of fixed bugs compared to 5.4.2 see the list of bugs fixed in the RC1 and RC2 for 5.4.3 and the RC1 and RC2 for 5.4.4:
     https://wiki.documentfoundation.org/Releases/5.4.3/RC1#List_of_fixed_bugs
     https://wiki.documentfoundation.org/Releases/5.4.3/RC2#List_of_fixed_bugs
     https://wiki.documentfoundation.org/Releases/5.4.4/RC1#List_of_fixed_bugs
     https://wiki.documentfoundation.org/Releases/5.4.4/RC2#List_of_fixed_bugs

 * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes.

 * Libreoffice 5.4.4 (RC2, which is effectively the final release) has been available for users to test since 2017-12-24 in the official "LibreOffice Fresh" PPA (https://launchpad.net/~libreoffice/+archive/ubuntu/ppa/+packages), and it is in bionic-proposed since 2018-01-26.

[Test Case]

 * No specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release went through 2 release candidates.

 * The libreoffice packages include autopkgtests, those should be run and verified to pass.

 * General smoke testing of all the applications in the office suite should be carried out.

[Regression Potential]

 * Two new minor releases with a total of 134 bug fixes always carry the potential for introducing regressions, even though they are bugfix-only releases, meaning that no new features were added, and no existing features were removed.

 * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in.

See original description

CVE References

Olivier Tilloy (osomon)
description: updated
Revision history for this message
Olivier Tilloy (osomon) wrote :

I have prepared source packages, ready for an upload to artful-proposed, at https://people.canonical.com/~osomon/libreoffice-5.4.4/artful-sru/.

Sebastien Bacher (seb128)
Changed in libreoffice (Ubuntu Artful):
importance: Undecided → High
Changed in libreoffice-l10n (Ubuntu Artful):
importance: Undecided → High
status: New → Fix Committed
Changed in libreoffice (Ubuntu Artful):
status: New → Fix Committed
Changed in libreoffice-l10n (Ubuntu):
status: New → Fix Released
Changed in libreoffice (Ubuntu):
status: New → Fix Released
Revision history for this message
Sebastien Bacher (seb128) wrote :

Thanks Olivier, uploaded to the 17.10 queue

Changed in libreoffice (Ubuntu):
importance: Undecided → Low
Changed in libreoffice-l10n (Ubuntu):
importance: Undecided → Low
Revision history for this message
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Olivier, or anyone else affected,

Accepted libreoffice into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libreoffice/1:5.4.4-0ubuntu0.17.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

tags: added: verification-needed verification-needed-artful
Revision history for this message
Łukasz Zemczak (sil2100) wrote :

Hello Olivier, or anyone else affected,

Accepted libreoffice-l10n into artful-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/libreoffice-l10n/1:5.4.4-0ubuntu0.17.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed.Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-artful to verification-done-artful. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-artful. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Mantas Kriaučiūnas (mantas) wrote :

I think we should upload LibreOffice 5.4.5 to Ubuntu 17.10 repository, because 5.4.4 has security issue CVE-2018-6871, see bug #1748999 [SRU] libreoffice 5.4.5 for artful

 Libreoffice 5.4.5 fixes CVE-2018-6871 and ~70 other bugs, see:

https://wiki.documentfoundation.org/Releases/5.4.5/RC1#List_of_fixed_bugs

Revision history for this message
Olivier Tilloy (osomon) wrote :

That is already tracked by bug #1748999.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice - 1:5.4.5-0ubuntu0.17.10.1

---------------
libreoffice (1:5.4.5-0ubuntu0.17.10.1) artful; urgency=medium

  * New upstream release (LP: #1748999)
    - fixes CVE-2018-6871: Remote arbitrary file disclosure vulnerability via
      WEBSERVICE formula
  * debian/patches/apparmor-senddoc-fixes.patch: apparmor fixes for the
    senddoc profile (LP: #1748895)

 -- Olivier Tilloy <email address hidden> Tue, 13 Feb 2018 11:25:01 +0100

Changed in libreoffice (Ubuntu Artful):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice-l10n - 1:5.4.5-0ubuntu0.17.10.1

---------------
libreoffice-l10n (1:5.4.5-0ubuntu0.17.10.1) artful; urgency=medium

  * New upstream release (LP: #1748999)
    - fixes CVE-2018-6871: Remote arbitrary file disclosure vulnerability via
      WEBSERVICE formula
  * debian/patches/apparmor-senddoc-fixes.patch: apparmor fixes for the
    senddoc profile (LP: #1748895)

 -- Olivier Tilloy <email address hidden> Tue, 13 Feb 2018 11:25:01 +0100

Changed in libreoffice-l10n (Ubuntu Artful):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.