Summary: | security/vuxml: Document vulnerability in LibreOffice (CVE-2018-6871 / CVE-2018-1055) | ||||||
---|---|---|---|---|---|---|---|
Product: | Ports & Packages | Reporter: | VK <vlad-fbsd> | ||||
Component: | Individual Port(s) | Assignee: | Ports Security Team <ports-secteam> | ||||
Status: | Closed FIXED | ||||||
Severity: | Affects Many People | CC: | dbaio, jkim, office | ||||
Priority: | --- | Keywords: | patch, security | ||||
Version: | Latest | Flags: | bugzilla:
maintainer-feedback?
(ports-secteam) |
||||
Hardware: | Any | ||||||
OS: | Any | ||||||
URL: | https://www.libreoffice.org/about-us/security/advisories/cve-2018-1055/ | ||||||
See Also: | https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224288 | ||||||
Attachments: |
|
Description
VK
2018-02-09 23:46:25 UTC
A commit references this bug: Author: dbaio Date: Fri Feb 23 22:00:39 UTC 2018 New revision: 462748 URL: https://svnweb.freebsd.org/changeset/ports/462748 Log: security/vuxml: Document vulnerability in editors/libreoffice Security: CVE-2018-6871 PR: 225797 Submitted by: Vladimir Krstulja <vlad-fbsd@acheronmedia.com> Changes: head/security/vuxml/vuln.xml Committed, I removed all language packs because they depend of libreoffice. Thanks! (In reply to Danilo G. Baio from comment #2) Thanks. Are you sure that's correct? I did not list language packs (editors/libreoffice-<lang>), that are separate packages that DO pull in libreoffice; but individual language based slave ports. Those do not pull in libreoffice, those ARE libreoffice, in specific langs with PGNAMEPREFIX. (In reply to Vladimir Krstulja from comment #3) Yes, <language>/libreoffice ports are also language packs. |