
Security vulnerability in the libreoffice software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2014-10732
2014-09-12 13:46:34
——————————————————————————–

Name : libreoffice
Product : Fedora 20
Version : 4.2.6.3
Release : 3.fc20
URL : http://www.libreoffice.org/
Summary : Free Software Productivity Suite
Description :
LibreOffice is an Open Source, community-developed, office productivity suite.
It includes the key desktop applications, such as a word processor,
spreadsheet, presentation manager, formula editor and drawing program, with a
user interface and feature set similar to other office suites. Sophisticated
and flexible, LibreOffice also works transparently with a variety of file
formats, including Microsoft Office File Formats.

——————————————————————————–
Update Information:

CVE-2014-3575 arbitrary file preview disclosure via ole2 objects

The vulnerability allows an attacker to send a document which, when opened, triggers the “Update Links” prompt. Even if the user cancels that prompt, LibreOffice may still generate an OLE2 preview image of a file on the victim's filesystem and insert it into the document. Data exposure is possible if the updated document is then distributed to other parties.

This update also contains an enhancement that creates a master document template type, which allows master documents to be put in the template manager.
New bugfix release.
——————————————————————————–
ChangeLog:

* Wed Sep 10 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.6.3-3
– create a master document template type
* Tue Sep 9 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.6.3-2
– Resolves: fdo#82496 Change picture by right clicking in writer
* Thu Aug 28 2014 David Tardon <dtardon@redhat.com> – 1:4.2.6.3-1
– new bugfix release
– fix build on ppc64
* Fri Aug 15 2014 David Tardon <dtardon@redhat.com> – 1:4.2.6.2-2
– Resolves: rhbz#1079672: FileDialog: don’t insert stale preview image
– Related: rhbz#1130264 plausible fix for reported crash in avmedia
– Resolves: rhbz#1125588 port LibreOffice to ppc64le
– refine current date/time hotkey handling
* Mon Jul 28 2014 David Tardon <dtardon@redhat.com> – 1:4.2.6.2-1
– new bugfix release
– Resolves: rhbz#1121254 crash when using font selector after adding new font
* Fri Jul 25 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.5.2-11
– Resolves: rhbz#1122868 toggling orientations causes more trouble
* Wed Jul 23 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.5.2-10
– Related: rhbz#1117128 missing pictures in impress
* Mon Jul 21 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.5.2-9
– Resolves: rhbz#1121341 crash on closing shrunk validity window
* Fri Jul 18 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.5.2-8
– Resolves: rhbz#1117853 nStartPara of EE_PARA_NOT_FOUND
– Related: rhbz#1089466 speculative fix for scrolling woes in calc
* Tue Jul 15 2014 Eike Rathke <erack@redhat.com> – 1:4.2.5.2-6
– Resolves: rhbz#1118983 sorting breaks cell references to other sheets
– Resolves: fdo#79441 keep 3D references intact during sort
– Resolves: fdo#77018 keep external references intact during sort
* Thu Jul 10 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.5.2-5
– Resolves: fix fdo#79151 chart label woes
* Tue Jul 8 2014 David Tardon <dtardon@redhat.com> – 1:4.2.5.2-4
– avoid problems detecting HTML files with xls extension
* Fri Jul 4 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.5.2-3
– Resolves: rhbz#1089207 crash in OOXML import
– allow building with icu 4.2
– Resolves: fdo#80911 toggle fallback paper sizes when they are already
in landscape mode
* Tue Jul 1 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.5.2-2
– fix detection of salesforce html pretending to be .xls by stripping
leading whitespace before <!DOCTYPE line
* Thu Jun 12 2014 David Tardon <dtardon@redhat.com> – 1:4.2.5.2-1
– update to 4.2.5
* Mon Jun 9 2014 David Tardon <dtardon@redhat.com> – 1:4.2.2.4-20
– Resolves: rhbz#1105376 FlatODF import/export does not work unless
libreoffice-xsltfilter is installed
* Sun Jun 8 2014 Kevin Kofler <Kevin@tigcc.ticalc.org> – 1:4.2.4.2-19
– rebuild against fixed Qt to get KDE file dialogs back
– Resolves: rhbz#1105422 KDE file dialogs not showing in libreoffice
* Thu Jun 5 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-18
– Resolves: rhbz#1104068 crash converting fontwork to curve
– Resolves: rhbz#1096747 crash/hang on format page in html document
– Resolves: rhbz#1099927 copy and paste from firefox defaulting to text
* Tue Jun 3 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-17
– Related: rhbz#1102033 mysql connector woes
– Resolves: fdo#77806 Use the common block position set for start
* Wed May 28 2014 Eike Rathke <erack@redhat.com> – 1:4.2.4.2-16
– Resolves: rhbz#1100357 crash after closing style dialog
– Resolves: rhbz#1101224 crash when clipboard-copying a sheet to HTML
– Resolves: fdo#70455 loading .xlsx some formulas with range operator are corrupted
* Fri May 23 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-15
– Resolves: rhbz#1084822 graphics missing after save and reload
* Fri May 16 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-14
– render smart-art with a vector format so it can be scaled nicely
– fix leak on pasting metafiles into office
– fix leak on pasting draw items into office
– fix another leak on scaling metric items
* Thu May 15 2014 David Tardon <dtardon@redhat.com> – 1:4.2.4.2-13
– fix SDK doc generation with doxygen 1.8.7
* Wed May 14 2014 David Tardon <dtardon@redhat.com> – 1:4.2.4.2-12
– rebuild for new poppler
* Mon May 12 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-11
– Resolves: rhbz#1096747 format->page crash on html doc
* Mon May 12 2014 David Tardon <dtardon@redhat.com> – 1:4.2.4.2-10
– Resolves: fdo#78119 bad july (červenec) month name support in czech
localization
* Mon May 12 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-9
– Resolves: rhbz#1096486 avoid access to nonexisting parent
– Resolves: rhbz#1096295 hard to distinguish slides in slide pane
* Fri May 9 2014 David Tardon <dtardon@redhat.com> – 1:4.2.4.2-8
– Resolves: rhbz#1071604 Draw depends on files from libreoffice-impress, crashes
without them
* Fri May 9 2014 Eike Rathke <erack@redhat.com> – 1:4.2.4.2-7
– Resolves: fdo#77509 memory corruption / crash in Consolidate
* Thu May 8 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-6
– center current slide after changing zoom
– add a status bar icon to fit slide to window
– Related: fdo#50697 reset the cache timeout on GetGraphic
* Thu May 8 2014 Stephan Bergmann <sbergman@redhat.com> – 1:4.2.4.2-5
– Resolves: rhbz#1092589 Thoroughly check whether JRE is still present
* Tue May 6 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-4
– clip over-long comments
* Thu May 1 2014 Eike Rathke <erack@redhat.com> – 1:4.2.4.2-3
– Resolves: fdo#78294 default null-date for document import is 1899-12-30
* Thu May 1 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.4.2-2
– better scaling of notes-using pages
* Wed Apr 30 2014 David Tardon <dtardon@redhat.com> – 1:4.2.4.2-1
– update to 4.2.4 rc2
* Fri Apr 25 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.3.3-9
– Related: rhbz#1032774 disable slide auto-exit when switching monitors
* Thu Apr 24 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.3.3-8
– Resolves: fdo#75622 presentations with table slow to load
– Resolves: fdo#60040 rhbz#1090956 crash after undoing master page
* Tue Apr 22 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.3.3-7
– Resolves: rhbz#1089340 crash on search+replace + close + searchreplace
in calc
– Resolves: rhbz#1088625 crash in presentation console
– Resolves: rhbz#1089377 crash on loading a specific rtf
* Wed Apr 16 2014 David Tardon <dtardon@redhat.com> – 1:4.2.3.3-6
– install man pages
– Resolves: rhbz#1086714 overlarge pixmap
* Wed Apr 16 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.3.3-5
– Resolves: fdo#36815 enable printing WYSIWYG sidewindow comments
* Sat Apr 12 2014 David Tardon <dtardon@redhat.com> – 1:4.2.3.3-4
– drop filtering of provides again
* Sat Apr 12 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.3.3-3
– Related: rhbz#1081176 don’t jump to cursor pos when we don’t want to
* Fri Apr 11 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.3.3-2
– Resolves: rhbz#1081176 don’t jump to cursor pos when we don’t want to
– Related: rhbz#1085916 kde startup woes
* Sat Apr 5 2014 David Tardon <dtardon@redhat.com> – 1:4.2.3.3-1
– update to 4.2.3 rc3
* Tue Apr 1 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.3.2-3
– Related: rhbz#1075951 abrt crash in MSWordExportBase
* Mon Mar 31 2014 David Tardon <dtardon@redhat.com> – 1:4.2.3.2-2
– Resolves: rhbz#1080196 mdds/multi_type_vector_itr.hpp update_node():
soffice.bin killed by SIGSEGV
* Wed Mar 26 2014 David Tardon <dtardon@redhat.com> – 1:4.2.3.2-1
– update to 4.2.3 rc2
* Tue Mar 25 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.2.1-8
– Resolves: rhbz#1074205 crash on exporting DOCX file
– Resolves: rhbz#1075124 writerfilter: fix tables with negative left margin
– Resolves: rhbz#1077780 crash on loading a specific .docx
* Fri Mar 14 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.2.1-7
– Related: rhbz#1076264 intermittent a11y crash in calc
* Mon Mar 10 2014 Michael Stahl <mstahl@redhat.com> – 1:4.2.2.1-6
– Resolves: rhbz#988516: DOCX import: fix context stack when importing header
– Resolves: rhbz#1072553: Fix deselection problems of template view
– Resolves: rhbz#1072607: fix crash in SvxRuler::MouseMove()
– Resolves: rhbz#1043551: sw: avoid division-by-0 in Text Grid painting code
– RTF import: import field parameters
– RTF import: fix spurious page breaks at doc end
* Tue Mar 4 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.2.1-5
– Related: rhbz#1065807 wizards should find the right wizards subdir
of Template_internal, who knew this stuff was so fragile
* Mon Mar 3 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.2.1-4
– Related: rhbz#1065807 wizards should look in Template_internal
* Fri Feb 28 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.2.1-3
– Resolves: rhbz#1007697 Update on a Window deletes itself
* Fri Feb 28 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.2.1-2
– Related: rhbz#1065807 don’t throw with no “Templates” dir under KDE
* Thu Feb 27 2014 David Tardon <dtardon@redhat.com> – 1:4.2.2.1-1
– update to 4.2.2 rc1
* Thu Feb 27 2014 Stephan Bergmann <sbergman@redhat.com> – 1:4.2.1.1-4
– Resolves: fdo#75540 spadmin does not start
* Thu Feb 27 2014 David Tardon <dtardon@redhat.com> – 1:4.2.1.1-3
– Resolves: rhbz#1057977 do not crash when fonts are updated
* Tue Feb 25 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.1.1-2
– Resolves: rhbz#1065807 search XDG defined “Templates” dir
* Thu Feb 20 2014 David Tardon <dtardon@redhat.com> – 1:4.2.1.1-1
– rhbz#1059953 rebase to 4.2.1
* Tue Feb 18 2014 David Tardon <dtardon@redhat.com> – 1:4.1.5.3-2
– Resolves: rhbz#1065925 [abrt] libreoffice-core: Divide(): soffice.bin killed
by SIGFPE
* Tue Feb 11 2014 David Tardon <dtardon@redhat.com> – 1:4.1.5.3-1
– new upstream release 4.1.5
* Thu Jan 30 2014 David Tardon <dtardon@redhat.com> – 1:4.1.4.2-6
– split LibreLogo into a separate subpackage
– create a metapackage depending on all subpackages containing filters,
for use of packages like unoconv
– Resolves: rhbz#1050162 don’t draw to NULL window
– Resolves: rhbz#1017379 libreoffice impress imports animated motion paths
incorrectly from powerpoint
– Resolves: fdo#33852 Custom animation (Motionpath Left) isn’t being
imported correctly from .ppt
* Thu Jan 30 2014 David Tardon <dtardon@redhat.com> – 1:4.2.0.4-2
– split LibreLogo into a separate subpackage
– create a metapackage depending on all subpackages containing filters,
for use of packages like unoconv
* Tue Jan 28 2014 David Tardon <dtardon@redhat.com> – 1:4.2.0.4-1
– update to 4.2.0 rc4
* Fri Jan 24 2014 David Tardon <dtardon@redhat.com> – 1:4.2.0.3-3
– enable EOT support
– fix PPC build
* Thu Jan 23 2014 David Tardon <dtardon@redhat.com> – 1:4.2.0.3-2
– stop showing math and startcenter in menu (again)
* Wed Jan 22 2014 David Tardon <dtardon@redhat.com> – 1:4.2.0.3-1
– update to 4.2.0 rc3
* Mon Jan 13 2014 Caolán McNamara <caolanm@redhat.com> – 1:4.2.0.2-2
– Related: rhbz#1047871 conditional formatting doesn’t fit on screen
* Thu Jan 9 2014 David Tardon <dtardon@redhat.com> – 1:4.2.0.2-1
– update to 4.2.0 rc2
– Resolves: rhbz#1049543 Include AppData files in packages
* Tue Jan 7 2014 David Tardon <dtardon@redhat.com> – 1:4.2.0.1-1
– 4.2.0 rc1
* Wed Dec 11 2013 Caolán McNamara <caolanm@redhat.com> – 1:4.2.0.0-3.beta2
– Resolves: rhbz#1040291 Change language name from “Oriya” to “Odia”
* Wed Dec 4 2013 Caolán McNamara <caolanm@redhat.com> – 1:4.2.0.0-2.beta2
– update to 4.2.0 beta2
– Related: rhbz#1032774 bodge around reported NULL
– Resolves: rhbz#1035092 no shortcut key for Italian ‘Tools’ menu
– Resolves: rhbz#912529 Kerkis SmallCaps shown instead of Kerkis Regular
– Resolves: rhbz#1038189 refresh printer list when print dialog launched
– openssl no longer required to build
——————————————————————————–
References:

[ 1 ] Bug #1139592 – CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure via crafted OLE objects [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1139592
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update libreoffice' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Author: Marijo Plepelic
Cert ID: NCERT-REF-2014-09-0006-ADV
CVE: CERT-CVE-DUMMY
Source ID: CERT-ORIGID-DUMMY
Product: CERT-DUMMY-PRODUCT
Source: http://www.adobe.com/