diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-03 15:48:28 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-06-03 15:48:28 +0000 |
| commit | 94d68ba907e662f1daff89a8bd24a9f29c859dea (patch) | |
| tree | 13a0c8e8bcead7bd1906e3595623e00428b2a1e4 | |
| parent | Adding debian version 1:7.0.4-4+deb11u8. (diff) | |
| download | libreoffice-debian.tar.xz libreoffice-debian.zip | |
Adding debian version 1:7.0.4-4+deb11u9.debian/1%7.0.4-4+deb11u9debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
| -rw-r--r-- | debian/changelog | 8 | ||||
| -rw-r--r-- | debian/patches/add-notify-for-script-use.diff | 27 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
3 files changed, 36 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index e4a85395b..54de74101 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +libreoffice (1:7.0.4-4+deb11u9) bullseye-security; urgency=high + + * debian/patches/add-notify-for-script-use.diff: add fix for + CVE-2024-3044 ("Graphic on-click binding allows unchecked script + execution") + + -- Rene Engelhard <rene@debian.org> Mon, 01 Apr 2024 11:06:03 +0200 + libreoffice (1:7.0.4-4+deb11u8) bullseye-security; urgency=high * debian/patches/escape-url-passed-to-gstreamer.diff: add from diff --git a/debian/patches/add-notify-for-script-use.diff b/debian/patches/add-notify-for-script-use.diff new file mode 100644 index 000000000..6d5b4f042 --- /dev/null +++ b/debian/patches/add-notify-for-script-use.diff @@ -0,0 +1,27 @@ +From 8b2402b16df185119c91222b33ff1b8d55e0afe4 Mon Sep 17 00:00:00 2001 +From: Caolán McNamara <caolan.mcnamara@collabora.com> +Date: Wed, 27 Mar 2024 17:07:20 +0000 +Subject: add notify for script use + +Change-Id: I84af197cec7755f6803a578e1e21c03966ad5f3e +Reviewed-on: https://gerrit.libreoffice.org/c/core/+/165412 +Tested-by: Jenkins +Reviewed-by: Xisco Fauli <xiscofauli@libreoffice.org> +--- + xmloff/source/draw/eventimp.cxx | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/xmloff/source/draw/eventimp.cxx b/xmloff/source/draw/eventimp.cxx +index 2b8921ee27fa..2a6ce1fa2381 100644 +--- a/xmloff/source/draw/eventimp.cxx ++++ b/xmloff/source/draw/eventimp.cxx +@@ -210,6 +210,9 @@ SdXMLEventContext::SdXMLEventContext( SvXMLImport& rImp, + + if( maData.mbValid ) + maData.mbValid = !sEventName.isEmpty(); ++ ++ if (!maData.msMacroName.isEmpty()) ++ rImp.NotifyMacroEventRead(); + } + + SvXMLImportContextRef SdXMLEventContext::CreateChildContext( sal_uInt16 nPrefix, const OUString& rLocalName, const Reference< XAttributeList>& xAttrList ) diff --git a/debian/patches/series b/debian/patches/series index 1e2a8909c..acff7ef0c 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -76,3 +76,4 @@ ignore-LO-special-purpose-hyperlinks-per-default.diff reuse-AllowedLinkProtocolFromDocument-1.diff reuse-AllowedLinkProtocolFromDocument-2.diff work-around-expired-certificiate-in-test.diff +add-notify-for-script-use.diff |