{"affected":[{"ecosystem_specific":{"binaries":[{"libreoffice":"6.2.6.2-3.21.1","libreoffice-base":"6.2.6.2-3.21.1","libreoffice-base-drivers-postgresql":"6.2.6.2-3.21.1","libreoffice-branding-upstream":"6.2.6.2-3.21.1","libreoffice-calc":"6.2.6.2-3.21.1","libreoffice-calc-extensions":"6.2.6.2-3.21.1","libreoffice-draw":"6.2.6.2-3.21.1","libreoffice-filters-optional":"6.2.6.2-3.21.1","libreoffice-gnome":"6.2.6.2-3.21.1","libreoffice-gtk3":"6.2.6.2-3.21.1","libreoffice-icon-themes":"6.2.6.2-3.21.1","libreoffice-impress":"6.2.6.2-3.21.1","libreoffice-l10n-af":"6.2.6.2-3.21.1","libreoffice-l10n-ar":"6.2.6.2-3.21.1","libreoffice-l10n-as":"6.2.6.2-3.21.1","libreoffice-l10n-bg":"6.2.6.2-3.21.1","libreoffice-l10n-bn":"6.2.6.2-3.21.1","libreoffice-l10n-br":"6.2.6.2-3.21.1","libreoffice-l10n-ca":"6.2.6.2-3.21.1","libreoffice-l10n-cs":"6.2.6.2-3.21.1","libreoffice-l10n-cy":"6.2.6.2-3.21.1","libreoffice-l10n-da":"6.2.6.2-3.21.1","libreoffice-l10n-de":"6.2.6.2-3.21.1","libreoffice-l10n-dz":"6.2.6.2-3.21.1","libreoffice-l10n-el":"6.2.6.2-3.21.1","libreoffice-l10n-en":"6.2.6.2-3.21.1","libreoffice-l10n-eo":"6.2.6.2-3.21.1","libreoffice-l10n-es":"6.2.6.2-3.21.1","libreoffice-l10n-et":"6.2.6.2-3.21.1","libreoffice-l10n-eu":"6.2.6.2-3.21.1","libreoffice-l10n-fa":"6.2.6.2-3.21.1","libreoffice-l10n-fi":"6.2.6.2-3.21.1","libreoffice-l10n-fr":"6.2.6.2-3.21.1","libreoffice-l10n-ga":"6.2.6.2-3.21.1","libreoffice-l10n-gl":"6.2.6.2-3.21.1","libreoffice-l10n-gu":"6.2.6.2-3.21.1","libreoffice-l10n-he":"6.2.6.2-3.21.1","libreoffice-l10n-hi":"6.2.6.2-3.21.1","libreoffice-l10n-hr":"6.2.6.2-3.21.1","libreoffice-l10n-hu":"6.2.6.2-3.21.1","libreoffice-l10n-it":"6.2.6.2-3.21.1","libreoffice-l10n-ja":"6.2.6.2-3.21.1","libreoffice-l10n-kk":"6.2.6.2-3.21.1","libreoffice-l10n-kn":"6.2.6.2-3.21.1","libreoffice-l10n-ko":"6.2.6.2-3.21.1","libreoffice-l10n-lt":"6.2.6.2-3.21.1","libreoffice-l10n-lv":"6.2.6.2-3.21.1","libreoffice-l10n-mai":"6.2.6.2-3.21.1","libreoffice-l10n-ml":"6.2.6.2-3.21.1","libreoffice-l10n-mr":"6.2.6.2-3.21.1","libreoffice-l10n-nb":"6.2.6.2-3.21.1","libreoffice-l10n-nl":"6.2.6.2-3.21.1","libreoffice-l10n-nn":"6.2.6.2-3.21.1","libreoffice-l10n-nr":"6.2.6.2-3.21.1","libreoffice-l10n-nso":"6.2.6.2-3.21.1","libreoffice-l10n-or":"6.2.6.2-3.21.1","libreoffice-l10n-pa":"6.2.6.2-3.21.1","libreoffice-l10n-pl":"6.2.6.2-3.21.1","libreoffice-l10n-pt_BR":"6.2.6.2-3.21.1","libreoffice-l10n-pt_PT":"6.2.6.2-3.21.1","libreoffice-l10n-ro":"6.2.6.2-3.21.1","libreoffice-l10n-ru":"6.2.6.2-3.21.1","libreoffice-l10n-si":"6.2.6.2-3.21.1","libreoffice-l10n-sk":"6.2.6.2-3.21.1","libreoffice-l10n-sl":"6.2.6.2-3.21.1","libreoffice-l10n-sr":"6.2.6.2-3.21.1","libreoffice-l10n-ss":"6.2.6.2-3.21.1","libreoffice-l10n-st":"6.2.6.2-3.21.1","libreoffice-l10n-sv":"6.2.6.2-3.21.1","libreoffice-l10n-ta":"6.2.6.2-3.21.1","libreoffice-l10n-te":"6.2.6.2-3.21.1","libreoffice-l10n-th":"6.2.6.2-3.21.1","libreoffice-l10n-tn":"6.2.6.2-3.21.1","libreoffice-l10n-tr":"6.2.6.2-3.21.1","libreoffice-l10n-ts":"6.2.6.2-3.21.1","libreoffice-l10n-uk":"6.2.6.2-3.21.1","libreoffice-l10n-ve":"6.2.6.2-3.21.1","libreoffice-l10n-xh":"6.2.6.2-3.21.1","libreoffice-l10n-zh_CN":"6.2.6.2-3.21.1","libreoffice-l10n-zh_TW":"6.2.6.2-3.21.1","libreoffice-l10n-zu":"6.2.6.2-3.21.1","libreoffice-mailmerge":"6.2.6.2-3.21.1","libreoffice-math":"6.2.6.2-3.21.1","libreoffice-officebean":"6.2.6.2-3.21.1","libreoffice-pyuno":"6.2.6.2-3.21.1","libreoffice-writer":"6.2.6.2-3.21.1","libreoffice-writer-extensions":"6.2.6.2-3.21.1","libreofficekit":"6.2.6.2-3.21.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 15","name":"libreoffice","purl":"pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.2.6.2-3.21.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libreoffice fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861).\n- CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862).\n- CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105).\n- CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107).\n- CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098).\n\nNon-security issue fixed:\n\n- SmartArt: Basic rendering of Trapezoid List (bsc#1133534)\n","id":"SUSE-SU-2019:2231-1","modified":"2019-08-28T05:59:11Z","published":"2019-08-28T05:59:11Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192231-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133534"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141861"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141862"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146098"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146107"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9848"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9849"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9850"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9851"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9852"}],"related":["CVE-2019-9848","CVE-2019-9849","CVE-2019-9850","CVE-2019-9851","CVE-2019-9852"],"summary":"Security update for libreoffice","upstream":["CVE-2019-9848","CVE-2019-9849","CVE-2019-9850","CVE-2019-9851","CVE-2019-9852"]}