Skip to main content
Topic solved
This topic has been marked as solved and requires no further attention.
Topic: Libreoffice-still: Security issue, needs update to version 7.6.7 in the repos. (Read 505 times) previous topic - next topic
0 Members and 1 Guest are viewing this topic.

Libreoffice-still: Security issue, needs update to version 7.6.7 in the repos.

Due to a security issue in LibreOffice, I think you (package maintainer of libreoffice-still should quickly update libreoffice-still in the repositories from current version 7.6.6 to new upstrean release 7.6.7 (skipping the "gremlins" phase to give users the version where the security issue is fixed)

Re: Libreoffice-still: Security issue, needs update to version 7.6.7 in the repos.

Reply #2
Quote from: Artist – on
there's no CVE or security issue mentioned at https://wiki.documentfoundation.org/Releases/7.6.7/RC1
If you need to be provided information by LibreOffice themselves, then see https://www.libreoffice.org/about-us/security/advisories/CVE-2024-3044:
Quote
Fixed in: LibreOffice 7.6.7/24.2.3

Re: Libreoffice-still: Security issue, needs update to version 7.6.7 in the repos.

Reply #3
it's 7.6.6-4 in extra, and the same in galaxy, so at the mo., its up to date following the Arch version as packages generally do.  (flagged out of date and 7.6.6-5 is in testing by  the looks of it).

Re: Libreoffice-still: Security issue, needs update to version 7.6.7 in the repos.

Reply #4
Quote from: gavincc – on
it's 7.6.6-4 in extra, and the same in galaxy, so at the mo., its up to date following the Arch version as packages generally do.  (flagged out of date and 7.6.6-5 is in testing by  the looks of it).
According to libreoffice, 7.6.6-x will not fix the issue (except if -4 backports the patch).

Anyway, I think security wise Artix should not only follow but also act by itself (also sometimes other packages are not directly followed).

Re: Libreoffice-still: Security issue, needs update to version 7.6.7 in the repos.

Reply #5
Now it is at 7.6.7.

Re: Libreoffice-still: Security issue, needs update to version 7.6.7 in the repos.

Reply #6
This "CVE", which literally reads "Graphic on-click binding allows unchecked script execution", falls into the same category as "I run random bash scripts I download from keygen sites, as root in production servers". Let's not make it such a big deal.