[Bug 2071624] [NEW] CVE-2024-5261

Mon, 01 Jul 2024 07:40:36 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:
CVE-2024-5261: "TLS certificate are not properly verified when utilizing
LibreOfficeKit"

https://www.libreoffice.org/about-us/security/advisories/cve-2024-5261/

https://cgit.freedesktop.org/libreoffice/core/commit/?id=fa4ceeb487f89671efc8bf533192bf237c35b51e
https://gerrit.libreoffice.org/c/core/+/167753

https://ubuntu.com/security/CVE-2024-5261

* Noble 24.04:
  - Fix is included in 24.2.4 SRU
  - https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2068562
* Mantic 23.10:
  - Backport of patch to 7.6.7 required
  - 
https://git.launchpad.net/~libreoffice/ubuntu/+source/libreoffice/log/?h=wip/mantic-7.6
* Jammy 22.04:
  - 7.3.7 not affected
* Focal 20.04:
  - 6.4.7 not affected

** Affects: libreoffice (Ubuntu)
     Importance: Undecided
         Status: Fix Released

** Affects: libreoffice (Ubuntu Mantic)
     Importance: Medium
     Assignee: Rico Tzschichholz (ricotz)
         Status: In Progress

** Affects: libreoffice (Ubuntu Noble)
     Importance: Medium
         Status: In Progress

** Affects: libreoffice (Ubuntu Oracular)
     Importance: Undecided
         Status: Fix Released

** Also affects: libreoffice (Ubuntu Noble)
   Importance: Undecided
       Status: New

** Also affects: libreoffice (Ubuntu Oracular)
   Importance: Undecided
       Status: New

** Also affects: libreoffice (Ubuntu Mantic)
   Importance: Undecided
       Status: New

** Changed in: libreoffice (Ubuntu Mantic)
       Status: New => Fix Released

** Changed in: libreoffice (Ubuntu Noble)
       Status: New => In Progress

** Changed in: libreoffice (Ubuntu Oracular)
       Status: New => In Progress

** Changed in: libreoffice (Ubuntu Mantic)
       Status: Fix Released => In Progress

** Changed in: libreoffice (Ubuntu Oracular)
       Status: In Progress => Fix Released

** Changed in: libreoffice (Ubuntu Mantic)
     Assignee: (unassigned) => Rico Tzschichholz (ricotz)

** Changed in: libreoffice (Ubuntu Mantic)
   Importance: Undecided => Medium

** Changed in: libreoffice (Ubuntu Noble)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2071624

Title:
  CVE-2024-5261

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2071624/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to