View | Details | Raw Unified | Return to bug 225797

(-)security/vuxml/vuln.xml (+52 lines)
Lines 58-63 Link Here
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
58
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59
-->
59
-->
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
60
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61
  <vuln vid="289269f1-0def-11e8-99b0-d017c2987f9a">
62
    <topic>LibreOffice -- Remote arbitrary file disclosure vulnerability via WEBSERVICE formula</topic>
63
    <affects>
64
      <package>
65
	<name>libreoffice</name>
66
	<name>ar-libreoffice</name>
67
	<name>de-libreoffice</name>
68
	<name>fr-libreoffice</name>
69
	<name>hu-libreoffice</name>
70
	<name>iw-libreoffice</name>
71
	<name>ja-libreoffice</name>
72
	<name>ko-libreoffice</name>
73
	<name>pl-libreoffice</name>
74
	<name>pt-libreoffice</name>
75
	<name>ru-libreoffice</name>
76
	<name>uk-libreoffice</name>
77
	<name>vi-libreoffice</name>
78
	<name>zh-libreoffice</name>
79
	<range><ge>5.0.0</ge><lt>5.4.5</lt></range>
80
	<range><ge>6.0.0</ge><lt>6.0.1</lt></range>
81
      </package>
82
    </affects>
83
    <description>
84
      <body xmlns="http://www.w3.org/1999/xhtml">
85
	<p>LibreOffice reports:</p>
86
	<blockquote cite="https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/">
87
	  <p>LibreOffice Calc supports a WEBSERVICE function to obtain data by URL.
88
	     Vulnerable versions of LibreOffice allow WEBSERVICE to take a local file
89
	     URL (e.g file://) which can be used to inject local files into the
90
	     spreadsheet without warning the user. Subsequent formulas can operate on
91
	     that inserted data and construct a remote URL whose path leaks the local
92
	     data to a remote attacker.</p>
93
	  <p>In later versions of LibreOffice without this flaw, WEBSERVICE has now
94
	     been limited to accessing http and https URLs along with bringing
95
	     WEBSERVICE URLs under LibreOffice Calc's link management infrastructure.</p>
96
	   <p><strong>Note:</strong> This vulnerability has been identified upstream
97
	     as CVE-2018-1055, but NVD/Mitre are advising it's a reservation
98
	     duplicate of CVE-2018-6871 which should be used instead.</p>
99
	</blockquote>
100
      </body>
101
    </description>
102
    <references>
103
      <url>https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/</url>
104
      <url>https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure</url>
105
      <cvename>CVE-2018-6871</cvename>
106
    </references>
107
    <dates>
108
      <discovery>2018-02-09</discovery>
109
      <entry>2018-02-09</entry>
110
    </dates>
111
  </vuln>
112
61
  <vuln vid="3ee6e521-0d32-11e8-99b0-d017c2987f9a">
113
  <vuln vid="3ee6e521-0d32-11e8-99b0-d017c2987f9a">
62
    <topic>mpv -- arbitrary code execution via crafted website</topic>
114
    <topic>mpv -- arbitrary code execution via crafted website</topic>
63
    <affects>
115
    <affects>
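Review bot: The Note paragraph (new lines 96-98) sits inside the <blockquote> cited to the LibreOffice advisory, but its wording ("has been identified upstream as CVE-2018-1055, but NVD/Mitre are advising ...") is commentary about upstream rather than a quote from it, so as written it is attributed to LibreOffice. Suggest moving that <p> to after </blockquote> so the blockquote holds only the advisory text; its opening tag is also indented one space deeper than the two <p> elements above it. Separately, the first range starts at <ge>5.0.0</ge> while the quoted advisory text gives no lower bound for affected versions, so the PR should say where 5.0.0 comes from, or the <ge> should be dropped if older releases are also affected.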