Comment 1 Kubilay Kocak 2016-07-14 12:25:19 UTC

@Sevan, is the port itself still vulnerable, or only missing a VuXML entry?

If the latter, please update the summary to "security/vuxml: Missing entry for editors/libreoffice: CVE-2016-4324"

(In reply to Kubilay Kocak from comment #1)

Yes, the port itself is still vulnerable, according to the advisory linked above "All users are recommended to upgrade to LibreOffice >= 5.1.4"

Version in ports is 5.0.6

Comment 3 Kubilay Kocak 2016-07-14 12:45:25 UTC

Will create a separate issue for the security/vuxml update so it can be committed independently.

Comment 4 Vladimir Druzenko 2016-10-17 02:13:52 UTC

Any progress?

There is 5.2.2 version already.

Comment 5 Vladimir Druzenko 2016-11-14 12:23:13 UTC

5.2.3 in ports already, thanks!

Comment 6 Kubilay Kocak 2016-11-14 13:12:09 UTC

Maintainer timeout (4 months)

Over to Ports Secteam for resolution confirmation

Comment 7 Baptiste Daroussin 2016-11-14 13:47:18 UTC

Note that is cannot be merged to quarterly (requires too many upgrades in the ports tree) :(

I think could be closed libreoffice has 5.3.7.2.0.

Comment 9 Danilo G. Baio 2018-02-23 21:08:52 UTC

This one was fixed.

There is another security vulnerability (bug 225797), and an update pending (bug 224288).