211100 – editors/libreoffice: Update to latest version, security vulnerability (CVE-2016-4324)

Bug 211100 - editors/libreoffice: Update to latest version, security vulnerability (CVE-2016-4324)

Summary: editors/libreoffice: Update to latest version, security vulnerability (CVE-20...

Status:	Closed Overcome By Events

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Some People
Assignee:	Ports Security Team

URL:	http://www.libreoffice.org/about-us/s...
Keywords:	needs-patch, security

Depends on:	211111
Blocks:
	Show dependency tree / graph

Reported:	2016-07-13 23:30 UTC by Sevan Janiyan
Modified:	2018-02-23 21:08 UTC (History)
CC List:	6 users (show)

See Also:

Flags:	bugzilla: maintainer-feedback? (office) koobs: merge-quarterly-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sevan Janiyan 2016-07-13 23:30:00 UTC

Missing vuxml entry
http://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/

Comment 1 Kubilay Kocak freebsd_committer

2016-07-14 12:25:19 UTC

@Sevan, is the port itself still vulnerable, or only missing a VuXML entry?

If the latter, please update the summary to "security/vuxml: Missing entry for editors/libreoffice: CVE-2016-4324"

Comment 2 Sevan Janiyan 2016-07-14 12:37:25 UTC

(In reply to Kubilay Kocak from comment #1)

Yes, the port itself is still vulnerable, according to the advisory linked above "All users are recommended to upgrade to LibreOffice >= 5.1.4"

Version in ports is 5.0.6

Comment 3 Kubilay Kocak freebsd_committer

2016-07-14 12:45:25 UTC

Will create a separate issue for the security/vuxml update so it can be committed independently.

Comment 4 Vladimir Druzenko freebsd_committer

2016-10-17 02:13:52 UTC

Any progress?

There is 5.2.2 version already.

Comment 5 Vladimir Druzenko freebsd_committer

2016-11-14 12:23:13 UTC

5.2.3 in ports already, thanks!

Comment 6 Kubilay Kocak freebsd_committer

2016-11-14 13:12:09 UTC

Maintainer timeout (4 months)

Over to Ports Secteam for resolution confirmation

Comment 7 Baptiste Daroussin freebsd_committer

2016-11-14 13:47:18 UTC

Note that is cannot be merged to quarterly (requires too many upgrades in the ports tree) :(

Comment 8 Walter Schwarzenfeld freebsd_triage

2018-01-08 15:03:37 UTC

I think could be closed libreoffice has 5.3.7.2.0.

Comment 9 Danilo G. Baio freebsd_committer

2018-02-23 21:08:52 UTC

This one was fixed.

There is another security vulnerability (bug 225797), and an update pending (bug 224288).