*** This bug is a security vulnerability *** Public security bug reported:
CVE-2025-2866: PDF signature forgery with adbe.pkcs7.sha1 SubFilter https://www.libreoffice.org/about-us/security/advisories/cve-2025-2866/ https://gerrit.libreoffice.org/c/core/+/183059 https://ubuntu.com/security/CVE-2025-2866 * Oracular 24.10: Fix is included in 24.8.6 SRU - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2098640 - no-change rebuild for security pocket required * Noble 24.04: Backport of patch to 24.2.7 required - ... * Jammy 22.04: Backport of patch to 7.3.7 required - ... * Focal 20.04: Backport of patch to 6.4.7 required - ... ** Affects: libreoffice (Ubuntu) Importance: Undecided Status: Fix Released ** Affects: libreoffice (Ubuntu Focal) Importance: High Status: New ** Affects: libreoffice (Ubuntu Jammy) Importance: High Status: New ** Affects: libreoffice (Ubuntu Noble) Importance: High Status: New ** Affects: libreoffice (Ubuntu Oracular) Importance: High Status: In Progress ** Affects: libreoffice (Ubuntu Plucky) Importance: Undecided Status: Fix Released ** Affects: libreoffice (Ubuntu Questing) Importance: Undecided Status: Fix Released ** Also affects: libreoffice (Ubuntu Oracular) Importance: Undecided Status: New ** Also affects: libreoffice (Ubuntu Noble) Importance: Undecided Status: New ** Also affects: libreoffice (Ubuntu Jammy) Importance: Undecided Status: New ** Also affects: libreoffice (Ubuntu Plucky) Importance: Undecided Status: New ** Also affects: libreoffice (Ubuntu Focal) Importance: Undecided Status: New ** Also affects: libreoffice (Ubuntu Questing) Importance: Undecided Status: New ** Changed in: libreoffice (Ubuntu Questing) Status: New => Fix Released ** Changed in: libreoffice (Ubuntu Plucky) Status: New => Fix Released ** Changed in: libreoffice (Ubuntu Focal) Importance: Undecided => High ** Changed in: libreoffice (Ubuntu Jammy) Importance: Undecided => High ** Changed in: libreoffice (Ubuntu Noble) Importance: Undecided => High ** Changed in: libreoffice (Ubuntu Oracular) Status: New => In Progress ** Changed in: libreoffice (Ubuntu Oracular) Importance: Undecided => High -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to libreoffice in Ubuntu. https://bugs.launchpad.net/bugs/2109955 Title: CVE-2025-2866 Status in libreoffice package in Ubuntu: Fix Released Status in libreoffice source package in Focal: New Status in libreoffice source package in Jammy: New Status in libreoffice source package in Noble: New Status in libreoffice source package in Oracular: In Progress Status in libreoffice source package in Plucky: Fix Released Status in libreoffice source package in Questing: Fix Released Bug description: CVE-2025-2866: PDF signature forgery with adbe.pkcs7.sha1 SubFilter https://www.libreoffice.org/about- us/security/advisories/cve-2025-2866/ https://gerrit.libreoffice.org/c/core/+/183059 https://ubuntu.com/security/CVE-2025-2866 * Oracular 24.10: Fix is included in 24.8.6 SRU - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2098640 - no-change rebuild for security pocket required * Noble 24.04: Backport of patch to 24.2.7 required - ... * Jammy 22.04: Backport of patch to 7.3.7 required - ... * Focal 20.04: Backport of patch to 6.4.7 required - ... To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2109955/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : desktop-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
