[14:12] <mdeslaur> ricotz: hi! any idea if CVE-2024-7788 affects libreoffice older than 24.2? the cve description says "from 24.2" but I'm not sure that's accurate
[14:12] -ubottu:#ubuntu-security- Improper Digital Signature Invalidation vulnerability in Zip Repair Mode of The Document Foundation LibreOffice allows Signature forgery vulnerability in LibreOfficeThis issue affects LibreOffice: from 24.2 before < 24.2.5. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7788>
[14:59] <ricotz> mdeslaur, hi, afaics, no, it doesn't affect earlier versions
[15:01] <mdeslaur> ricotz: thanks, I'll update our CVE tracker
[15:02] <ricotz> mdeslaur, I going to take a deeper look
[15:02] <mdeslaur> ok, let me know, thanks!
[15:03] <ricotz> mdeslaur, while this is called a regression fix for 24.2.x, this still seems to be a valid change
[15:09] <ricotz> mdeslaur, I am going to prepare patches for focal/jammy
[15:10] <mdeslaur> sweet, thanks
=== crazybyte26 is now known as crazybyte2
[15:46] <ricotz> mdeslaur, https://bugs.launchpad.net/ubuntu/+source/libreoffice/+bug/2081078
[15:46] -ubottu:#ubuntu-security- Launchpad bug 2081078 in libreoffice (Ubuntu Jammy) "CVE-2024-7788" [Medium, In Progress]
[15:47] <mdeslaur> ricotz: w00t, thanks!