| Summary: | libreoffice new security issues CVE-2016-0794 and CVE-2016-0795 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | brtians1, sysadmin-bugs, thierry.vignaud |
| Version: | 5 | Keywords: | validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://lwn.net/Vulnerabilities/676108/ | | |
| Whiteboard: | has_procedure advisory MGA5-32-OK MGA5-64-OK | | |
| Source RPM: | libreoffice-4.4.7.2-2.mga5.src.rpm | CVE: | |
| Status comment: | | | |

Description
David Walser
2016-02-17 16:35:18 CET
David Walser
2016-02-17 20:47:31 CET
URL: (none) => http://lwn.net/Vulnerabilities/676108/

Fedora now has fixes backported to 4.4.7. Their advisory from February 28:
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html

Pinging Thierry. Could we update LO and the supporting libraries please?

err... We already got libreoffice-4.4.7 in core/updates... Since January... I wrote the advisory one month and a half before this ticket was opened...

*** This bug has been marked as a duplicate of bug 17454 ***

Status: NEW => RESOLVED

Sigh... Please read more carefully. Fedora *backported* fixes to 4.4.7 (3 months after updating to 4.4.7). These issues are not fixed.

Status: RESOLVED => REOPENED

LO submitted

Source RPM: libreoffice-4.4.7.2-1.mga5.src.rpm => libreoffice-4.4.7.2-2.mga5.src.rpm

Thanks!

Advisory:
========================

Updated libreoffice packages fix security vulnerabilities:

The lwp filter in LibreOffice before 5.0.4 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LotusWordPro (lwp) document (CVE-2016-0794).

LibreOffice before 5.0.5 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted LwpTocSuperLayout record in a LotusWordPro (lwp) document (CVE-2016-0795).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0794
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0795
https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
https://lists.fedoraproject.org/pipermail/package-announce/2016-February/178036.html
========================

Updated packages in core/updates_testing:
========================
libreoffice-4.4.7.2-2.mga5 libreoffice-base-4.4.7.2-2.mga5 libreoffice-bsh-4.4.7.2-2.mga5 libreoffice-calc-4.4.7.2-2.mga5 libreoffice-core-4.4.7.2-2.mga5 libreoffice-draw-4.4.7.2-2.mga5 libreoffice-emailmerge-4.4.7.2-2.mga5 libreoffice-filters-4.4.7.2-2.mga5 libreoffice-glade-4.4.7.2-2.mga5 libreoffice-graphicfilter-4.4.7.2-2.mga5 libreoffice-impress-4.4.7.2-2.mga5 libreoffice-java-common-4.4.7.2-2.mga5 libreoffice-kde-4.4.7.2-2.mga5 libreoffice-langpack-af-4.4.7.2-2.mga5 libreoffice-langpack-ar-4.4.7.2-2.mga5 libreoffice-langpack-as-4.4.7.2-2.mga5 libreoffice-langpack-bg-4.4.7.2-2.mga5 libreoffice-langpack-bn-4.4.7.2-2.mga5 libreoffice-langpack-br-4.4.7.2-2.mga5 libreoffice-langpack-ca-4.4.7.2-2.mga5 libreoffice-langpack-cs-4.4.7.2-2.mga5 libreoffice-langpack-cy-4.4.7.2-2.mga5 libreoffice-langpack-da-4.4.7.2-2.mga5 libreoffice-langpack-de-4.4.7.2-2.mga5 libreoffice-langpack-dz-4.4.7.2-2.mga5 libreoffice-langpack-el-4.4.7.2-2.mga5
libreoffice-langpack-en-4.4.7.2-2.mga5 libreoffice-langpack-es-4.4.7.2-2.mga5 libreoffice-langpack-et-4.4.7.2-2.mga5 libreoffice-langpack-eu-4.4.7.2-2.mga5 libreoffice-langpack-fa-4.4.7.2-2.mga5 libreoffice-langpack-fi-4.4.7.2-2.mga5 libreoffice-langpack-fr-4.4.7.2-2.mga5 libreoffice-langpack-ga-4.4.7.2-2.mga5 libreoffice-langpack-gl-4.4.7.2-2.mga5 libreoffice-langpack-gu-4.4.7.2-2.mga5 libreoffice-langpack-he-4.4.7.2-2.mga5 libreoffice-langpack-hi-4.4.7.2-2.mga5 libreoffice-langpack-hr-4.4.7.2-2.mga5 libreoffice-langpack-hu-4.4.7.2-2.mga5 libreoffice-langpack-it-4.4.7.2-2.mga5 libreoffice-langpack-ja-4.4.7.2-2.mga5 libreoffice-langpack-kk-4.4.7.2-2.mga5 libreoffice-langpack-kn-4.4.7.2-2.mga5 libreoffice-langpack-ko-4.4.7.2-2.mga5 libreoffice-langpack-lt-4.4.7.2-2.mga5 libreoffice-langpack-lv-4.4.7.2-2.mga5 libreoffice-langpack-mai-4.4.7.2-2.mga5 libreoffice-langpack-ml-4.4.7.2-2.mga5 libreoffice-langpack-mr-4.4.7.2-2.mga5 libreoffice-langpack-nb-4.4.7.2-2.mga5 libreoffice-langpack-nl-4.4.7.2-2.mga5 libreoffice-langpack-nn-4.4.7.2-2.mga5 libreoffice-langpack-nr-4.4.7.2-2.mga5 libreoffice-langpack-nso-4.4.7.2-2.mga5 libreoffice-langpack-or-4.4.7.2-2.mga5 libreoffice-langpack-pa-4.4.7.2-2.mga5 libreoffice-langpack-pl-4.4.7.2-2.mga5 libreoffice-langpack-pt-4.4.7.2-2.mga5 libreoffice-langpack-pt_BR-4.4.7.2-2.mga5 libreoffice-langpack-ro-4.4.7.2-2.mga5 libreoffice-langpack-ru-4.4.7.2-2.mga5 libreoffice-langpack-si-4.4.7.2-2.mga5 libreoffice-langpack-sk-4.4.7.2-2.mga5 libreoffice-langpack-sl-4.4.7.2-2.mga5 libreoffice-langpack-sr-4.4.7.2-2.mga5 libreoffice-langpack-ss-4.4.7.2-2.mga5 libreoffice-langpack-st-4.4.7.2-2.mga5 libreoffice-langpack-sv-4.4.7.2-2.mga5 libreoffice-langpack-ta-4.4.7.2-2.mga5 libreoffice-langpack-te-4.4.7.2-2.mga5 libreoffice-langpack-th-4.4.7.2-2.mga5 libreoffice-langpack-tn-4.4.7.2-2.mga5 libreoffice-langpack-tr-4.4.7.2-2.mga5 libreoffice-langpack-ts-4.4.7.2-2.mga5 libreoffice-langpack-uk-4.4.7.2-2.mga5 libreoffice-langpack-ve-4.4.7.2-2.mga5 
libreoffice-langpack-xh-4.4.7.2-2.mga5 libreoffice-langpack-zh_CN-4.4.7.2-2.mga5 libreoffice-langpack-zh_TW-4.4.7.2-2.mga5 libreoffice-langpack-zu-4.4.7.2-2.mga5 libreoffice-librelogo-4.4.7.2-2.mga5 libreoffice-math-4.4.7.2-2.mga5 libreoffice-nlpsolver-4.4.7.2-2.mga5 libreoffice-officebean-4.4.7.2-2.mga5 libreoffice-ogltrans-4.4.7.2-2.mga5 libreoffice-pdfimport-4.4.7.2-2.mga5 libreoffice-postgresql-4.4.7.2-2.mga5 libreoffice-pyuno-4.4.7.2-2.mga5 libreoffice-rhino-4.4.7.2-2.mga5 libreoffice-sdk-4.4.7.2-2.mga5 libreoffice-sdk-doc-4.4.7.2-2.mga5 libreoffice-ure-4.4.7.2-2.mga5 libreoffice-wiki-publisher-4.4.7.2-2.mga5 libreoffice-writer-4.4.7.2-2.mga5 libreoffice-xsltfilter-4.4.7.2-2.mga5 autocorr-af-4.4.7.2-2.mga5 autocorr-bg-4.4.7.2-2.mga5 autocorr-ca-4.4.7.2-2.mga5 autocorr-cs-4.4.7.2-2.mga5 autocorr-da-4.4.7.2-2.mga5 autocorr-de-4.4.7.2-2.mga5 autocorr-en-4.4.7.2-2.mga5 autocorr-es-4.4.7.2-2.mga5 autocorr-fa-4.4.7.2-2.mga5 autocorr-fi-4.4.7.2-2.mga5 autocorr-fr-4.4.7.2-2.mga5 autocorr-ga-4.4.7.2-2.mga5 autocorr-hr-4.4.7.2-2.mga5 autocorr-hu-4.4.7.2-2.mga5 autocorr-is-4.4.7.2-2.mga5 autocorr-it-4.4.7.2-2.mga5 autocorr-ja-4.4.7.2-2.mga5 autocorr-ko-4.4.7.2-2.mga5 autocorr-lb-4.4.7.2-2.mga5 autocorr-lt-4.4.7.2-2.mga5 autocorr-mn-4.4.7.2-2.mga5 autocorr-nl-4.4.7.2-2.mga5 autocorr-pl-4.4.7.2-2.mga5 autocorr-pt-4.4.7.2-2.mga5 autocorr-ro-4.4.7.2-2.mga5 autocorr-ru-4.4.7.2-2.mga5 autocorr-sk-4.4.7.2-2.mga5 autocorr-sl-4.4.7.2-2.mga5 autocorr-sr-4.4.7.2-2.mga5 autocorr-sv-4.4.7.2-2.mga5 autocorr-tr-4.4.7.2-2.mga5 autocorr-vi-4.4.7.2-2.mga5 autocorr-zh-4.4.7.2-2.mga5 libreoffice-opensymbol-fonts-4.4.7.2-2.mga5

from libreoffice-4.4.7.2-2.mga5.src.rpm

Assignee: thierry.vignaud => qa-bugs

(In reply to David Walser from comment #4)

Note that:
- 4.4.x is no longer supported upstream
- but FC22 still supports it (until end of June?)

So at end of June, we might consider rebasing mga5's LO to 5.0.x

CC: (none) => thierry.vignaud

Yes, an update to 5.0.x would be quite welcome. Hopefully the problem mentioned in Bug 17586 will no longer be an issue.

Hi Thierry, I saw that you updated some of the supporting libraries. Did you want to ship those as part of this update? If so, you'll need to rebuild libreoffice if you want the libwps update to be included, since it's linked against libwps0.3, but the updated one is libwps0.4.

Packages built:
librevenge0-0.0.4-1.mga5
librevenge-devel-0.0.4-1.mga5
librevenge-doc-0.0.4-1.mga5
libcdr0.1_1-0.1.2-1.mga5
libcdr-devel-0.1.2-1.mga5
libcdr-doc-0.1.2-1.mga5
libcdr-tools-0.1.2-1.mga5
libvisio0.1_1-0.1.5-1.mga5
libvisio-devel-0.1.5-1.mga5
libvisio-doc-0.1.5-1.mga5
libvisio-tools-0.1.5-1.mga5
libwpd-tools-0.10.1-1.mga5
libwpd0.10_10-0.10.1-1.mga5
libwpd-devel-0.10.1-1.mga5
libwps-tools-0.4.3-1.mga5
libwps0.4_4-0.4.3-1.mga5
libwps-devel-0.4.3-1.mga5
libwps-docs-0.4.3-1.mga5

from SRPMS:
librevenge-0.0.4-1.mga5.src.rpm
libcdr-0.1.2-1.mga5.src.rpm
libvisio-0.1.5-1.mga5.src.rpm
libwpd-0.10.1-1.mga5.src.rpm
libwps-0.4.3-1.mga5.src.rpm

No, that's for preparing a future LO-5.0.x

Thanks Thierry. I thought that might be the case.

I tested Writer, Calc, and Impress on Mageia 5 i586 and all work fine.

Whiteboard: (none) => MGA5-32-OK

mga5-64 - running GNOME

I uninstalled libreoffice 4.4.7.2-1 completely and then installed 4.4.7.2-2.

The following 21 packages are going to be installed:
- lib64gladeui1_11-3.8.5-3.mga5.x86_64
- libreoffice-4.4.7.2-2.mga5.x86_64
- libreoffice-base-4.4.7.2-2.mga5.x86_64
- libreoffice-calc-4.4.7.2-2.mga5.x86_64
- libreoffice-core-4.4.7.2-2.mga5.x86_64
- libreoffice-draw-4.4.7.2-2.mga5.x86_64
- libreoffice-emailmerge-4.4.7.2-2.mga5.x86_64
- libreoffice-filters-4.4.7.2-2.mga5.x86_64
- libreoffice-glade-4.4.7.2-2.mga5.x86_64
- libreoffice-graphicfilter-4.4.7.2-2.mga5.x86_64
- libreoffice-impress-4.4.7.2-2.mga5.x86_64
- libreoffice-java-common-4.4.7.2-2.mga5.x86_64
- libreoffice-langpack-en-4.4.7.2-2.mga5.x86_64
- libreoffice-math-4.4.7.2-2.mga5.x86_64
- libreoffice-ogltrans-4.4.7.2-2.mga5.x86_64
- libreoffice-opensymbol-fonts-4.4.7.2-2.mga5.noarch
- libreoffice-pdfimport-4.4.7.2-2.mga5.x86_64
- libreoffice-pyuno-4.4.7.2-2.mga5.x86_64
- libreoffice-ure-4.4.7.2-2.mga5.x86_64
- libreoffice-writer-4.4.7.2-2.mga5.x86_64
- libreoffice-xsltfilter-4.4.7.2-2.mga5.x86_64

Tested password protected documents, xlsx, odt, pptx and docx as well as some ods documents. Seems to be working properly.

CC: (none) => brtians1

claire robinson
2016-05-21 21:15:31 CEST

Keywords: (none) => validated_update

An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2016-0194.html

Status: REOPENED => RESOLVED