| mdeslaur | ricotz: hi! any idea if CVE-2024-7788 affects libreoffice older than 24.2? the cve description says "from 24.2" but I'm not sure that's accurate | 14:12 |
|---|---|---|
| -ubottu:#ubuntu-security- Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7788> | 14:12 | |
| ricotz | mdeslaur, hi, afaics, no, it doesn't affect earlier versions | 14:59 |
| mdeslaur | ricotz: thanks, I'll update our CVE tracker | 15:01 |
| ricotz | mdeslaur, I going to take a deeper look | 15:02 |
| mdeslaur | ok, let me know, thanks! | 15:02 |
| ricotz | mdeslaur, while this is called a regression fix for 24.2.x, this still seems to be a valid change | 15:03 |
| ricotz | mdeslaur, I am going to prepare patches for focal/jammy | 15:09 |
| mdeslaur | sweet, thanks | 15:10 |
| === crazybyte26 is now known as crazybyte2 | ||
| ricotz | mdeslaur, https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2081078 | 15:46 |
| -ubottu:#ubuntu-security- Launchpad bug 2081078 in libreoffice (Ubuntu Jammy) "CVE-2024-7788" [Medium, In Progress] | 15:46 | |
| mdeslaur | ricotz: w00t, thanks! | 15:47 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!