[SRU] libreoffice 6.2.7 for disco

Bug #1843763 reported by Marcus Tomlinson on 2019-09-12
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libreoffice (Ubuntu)
High
Marcus Tomlinson
Disco
High
Marcus Tomlinson
libreoffice-l10n (Ubuntu)
High
Marcus Tomlinson
Disco
High
Marcus Tomlinson

Bug Description

[Impact]

 * LibreOffice 6.2.7 is in its seventh bugfix release of the 6.2 line.
   For a list of fixed bugs compared to 6.2.6 see:
     https://wiki.documentfoundation.org/Releases/6.2.7/RC1#List_of_fixed_bugs
   (that's a total of 32 bugs)

 * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes.

[Test Case]

 * No specific test case, bugs fixed upstream hopefully come with unit/regression tests, and the release itself is extensively exercised upstream (both in an automated manner and manually) by a community of testers. Each minor release normally goes through two release candidates.

 * The libreoffice packages include autopkgtests, those should be run and verified to pass.

 * General smoke testing of all the applications in the office suite should be carried out.

[Regression Potential]

 * A minor release with a total of 32 bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed.

 * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in.

CVE References

Changed in libreoffice (Ubuntu):
assignee: nobody → Marcus Tomlinson (marcustomlinson)
Changed in libreoffice (Ubuntu Disco):
assignee: nobody → Marcus Tomlinson (marcustomlinson)
Changed in libreoffice-l10n (Ubuntu Disco):
assignee: nobody → Marcus Tomlinson (marcustomlinson)
Changed in libreoffice-l10n (Ubuntu):
assignee: nobody → Marcus Tomlinson (marcustomlinson)
Changed in libreoffice (Ubuntu):
importance: Undecided → High
Changed in libreoffice (Ubuntu Disco):
importance: Undecided → High
Changed in libreoffice-l10n (Ubuntu):
importance: Undecided → High
Changed in libreoffice-l10n (Ubuntu Disco):
importance: Undecided → High
Changed in libreoffice-l10n (Ubuntu):
status: New → In Progress
Changed in libreoffice-l10n (Ubuntu Disco):
status: New → In Progress
Changed in libreoffice (Ubuntu Disco):
status: New → In Progress
Changed in libreoffice (Ubuntu):
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice - 1:6.2.7-0ubuntu0.19.04.1

---------------
libreoffice (1:6.2.7-0ubuntu0.19.04.1) disco-security; urgency=medium

  * New upstream release (LP: #1843763)
  * Fixes CVE-2019-9854: Unsafe URL assembly flaw in allowed script location check

 -- Marcus Tomlinson <email address hidden> Thu, 12 Sep 2019 15:53:48 +0100

Changed in libreoffice (Ubuntu Disco):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice-l10n - 1:6.2.7-0ubuntu0.19.04.1

---------------
libreoffice-l10n (1:6.2.7-0ubuntu0.19.04.1) disco-security; urgency=medium

  * New upstream release (LP: #1843763)
  * Fixes CVE-2019-9854: Unsafe URL assembly flaw in allowed script location check

 -- Marcus Tomlinson <email address hidden> Thu, 12 Sep 2019 15:53:48 +0100

Changed in libreoffice-l10n (Ubuntu Disco):
status: In Progress → Fix Released
Changed in libreoffice-l10n (Ubuntu):
status: In Progress → Fix Released
Changed in libreoffice (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers