[SRU] libreoffice 7.5.9 for lunar

Bug #2044369 reported by Rico Tzschichholz
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libreoffice (Ubuntu) | Fix Released | Undecided | Unassigned | |
| Lunar | Fix Released | Medium | Rico Tzschichholz | |

Bug Description

[Impact]

 * LibreOffice 7.5.9 is the ninth and last bugfix release of the 7.5 line:
     https://wiki.documentfoundation.org/ReleasePlan/7.5#7.5.9_release

 * Version 7.5.8 is currently released in lunar. For a list of fixed bugs compared to 7.5.8 see the list of bugs fixed in the release candidates of 7.5.9 (that's a total of ? bugs):
     https://wiki.documentfoundation.org/Releases/7.5.9/RC1#List_of_fixed_bugs
     https://wiki.documentfoundation.org/Releases/7.5.9/RC2#List_of_fixed_bugs

     7.5.9 RC2 is identical to the 7.5.9 release

 * Given the nature of the project, the complexity of the codebase and the high level of quality assurance upstream, it is preferable to SRU a minor release rather than cherry-pick selected bug fixes.

[Testing]

 * Upstream testing. Bugs fixed upstream typically include unit/regression tests, and the release itself is extensively exercised (both in an automated manner and manually).

  * A recent set of upstream's automated jenkins testing can be found here:
    https://ci.libreoffice.org/job/gerrit_75/1776/

  * More information about the upstream QA testing can be found here:
    * Automated tests
      https://wiki.documentfoundation.org/QA/Testing/Automated_Tests
    * Automated UI tests
      https://wiki.documentfoundation.org/Development/UITests
    * Regression tests
      https://wiki.documentfoundation.org/QA/Testing/Regression_Tests
    * Feature tests
      https://wiki.documentfoundation.org/QA/Testing/Feature_Tests

 * Launchpad testing. The libreoffice packages include autopkgtests that were run and verified as passing.
    Tested build can be found at https://launchpad.net/~ricotz/+archive/ubuntu/ppa/+sourcepub/15402714/+listing-archive-extra
    * [amd64] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/amd64/libr/libreoffice/20231130_032215_7d344@/log.gz
    * [arm64] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/arm64/libr/libreoffice/20231130_110658_1779c@/log.gz
    * [armhf] ... (autopkgtests infra problems on this arch)
    * [ppc64el] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/ppc64el/libr/libreoffice/20231129_180258_07169@/log.gz
    * [riscv64] not available
    * [s390x] https://autopkgtest.ubuntu.com/results/autopkgtest-lunar-ricotz-ppa/lunar/s390x/libr/libreoffice/20231130_024056_ac67e@/log.gz
 * General smoke testing of all the applications in the office suite was carried out by going through the manual testplan as documented by: https://wiki.ubuntu.com/Process/Merges/TestPlans/libreoffice

[Regression Potential]

 * A minor release with a total of ? bug fixes always carries the potential for introducing regressions, even though it is a bugfix-only release, meaning that no new features were added, and no existing features were removed.

 * A combination of autopkgtests and careful smoke testing as described above should provide reasonable confidence that no regressions sneaked in.

Changed in libreoffice (Ubuntu Lunar):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Rico Tzschichholz (ricotz)
Changed in libreoffice (Ubuntu):
status: New → Fix Released
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libreoffice - 4:7.5.9-0ubuntu0.23.04.1

---------------
libreoffice (4:7.5.9-0ubuntu0.23.04.1) lunar-security; urgency=medium

  * New upstream release (LP: #2044369)
  * SECURITY UPDATE: Improper input validation enabling arbitrary Gstreamer
    pipeline injection
    - CVE-2023-6185
  * SECURITY UPDATE: Link targets allow arbitrary script execution
    - CVE-2023-6186

  [ Rico Tzschichholz ]
  * patches/CppunitTest_desktop_lib-adjust-asserts-so-this-works.patch:
    - Usage of expired certificates in CppunitTest_desktop_lib:
      adjust asserts so this works again

  [ Rene Engelhard ]
  * debian/rules:
    - Re-enable cmis; bump libcmis build-dep to >= 0.6.1

 -- Rico Tzschichholz <email address hidden> Tue, 28 Nov 2023 20:57:57 +0100

Changed in libreoffice (Ubuntu Lunar):
status: In Progress → Fix Released