ALT-BU-2024-1131-1
Branch p10 update bulletin.
Package kde5-kalarm updated to version 23.08.4-alt1 for branch p10 in task 334679.
Closed bugs
Некорректно показывается имя в kalarm при удалении календаря
Closed bugs
Ошибка при сохранении файла
Package kde5-calindori updated to version 23.08.4-alt2 for branch p10 in task 334679.
Closed bugs
Ошибка сегментирования при удалении события/задачи
Package kde5-zanshin updated to version 23.08.4-alt2 for branch p10 in task 334679.
Closed bugs
Segmentation fault у zanshin-migrator при запуске kde5-zanshin
Package LibreOffice-still updated to version 7.5.9.2-alt1.p10.1 for branch p10 in task 337205.
Closed vulnerabilities
BDU:2023-08655
Уязвимость пакета офисных программ LibreOffice, связанная с возможностью внедрения кода или данных, позволяющая нарушителю выполнить произвольный код
BDU:2023-08957
Уязвимость модуля Gstreamer пакета офисных программ LibreOffice, позволяющая нарушителю запускать произвольные плагины Gstreamer
Modified: 2025-02-13
CVE-2023-6185
Improper Input Validation vulnerability in GStreamer integration of The Document Foundation LibreOffice allows an attacker to execute arbitrary GStreamer plugins. In affected versions the filename of the embedded video is not sufficiently escaped when passed to GStreamer enabling an attacker to run arbitrary gstreamer plugins depending on what plugins are installed on the target system.
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/
- https://www.debian.org/security/2023/dsa-5574
- https://www.debian.org/security/2023/dsa-5574
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6185
Modified: 2025-02-13
CVE-2023-6186
Insufficient macro permission validation of The Document Foundation LibreOffice allows an attacker to execute built-in macros without warning. In affected versions LibreOffice supports hyperlinks with macro or similar built-in command targets that can be executed when activated without warning the user.
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
- https://lists.debian.org/debian-lts-announce/2023/12/msg00026.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QB7UB6CTWQUDOE657OVVRSDYUY3IPBJG/
- https://www.debian.org/security/2023/dsa-5574
- https://www.debian.org/security/2023/dsa-5574
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186
- https://www.libreoffice.org/about-us/security/advisories/cve-2023-6186
Closed bugs
Сломалась сборка Libreoffice-still
Package branding-alt-starterkit updated to version 10-alt5 for branch p10 in task 338059.
Closed bugs
Написано, что ALT Starterkit является дистрибутивом