{"affected":[{"ecosystem_specific":{"binaries":[{"libreoffice":"6.2.7.1-43.56.3","libreoffice-base":"6.2.7.1-43.56.3","libreoffice-base-drivers-postgresql":"6.2.7.1-43.56.3","libreoffice-branding-upstream":"6.2.7.1-43.56.3","libreoffice-calc":"6.2.7.1-43.56.3","libreoffice-calc-extensions":"6.2.7.1-43.56.3","libreoffice-draw":"6.2.7.1-43.56.3","libreoffice-filters-optional":"6.2.7.1-43.56.3","libreoffice-gnome":"6.2.7.1-43.56.3","libreoffice-gtk2":"6.2.7.1-43.56.3","libreoffice-icon-themes":"6.2.7.1-43.56.3","libreoffice-impress":"6.2.7.1-43.56.3","libreoffice-l10n-af":"6.2.7.1-43.56.3","libreoffice-l10n-ar":"6.2.7.1-43.56.3","libreoffice-l10n-ca":"6.2.7.1-43.56.3","libreoffice-l10n-cs":"6.2.7.1-43.56.3","libreoffice-l10n-da":"6.2.7.1-43.56.3","libreoffice-l10n-de":"6.2.7.1-43.56.3","libreoffice-l10n-en":"6.2.7.1-43.56.3","libreoffice-l10n-es":"6.2.7.1-43.56.3","libreoffice-l10n-fi":"6.2.7.1-43.56.3","libreoffice-l10n-fr":"6.2.7.1-43.56.3","libreoffice-l10n-gu":"6.2.7.1-43.56.3","libreoffice-l10n-hi":"6.2.7.1-43.56.3","libreoffice-l10n-hu":"6.2.7.1-43.56.3","libreoffice-l10n-it":"6.2.7.1-43.56.3","libreoffice-l10n-ja":"6.2.7.1-43.56.3","libreoffice-l10n-ko":"6.2.7.1-43.56.3","libreoffice-l10n-nb":"6.2.7.1-43.56.3","libreoffice-l10n-nl":"6.2.7.1-43.56.3","libreoffice-l10n-nn":"6.2.7.1-43.56.3","libreoffice-l10n-pl":"6.2.7.1-43.56.3","libreoffice-l10n-pt_BR":"6.2.7.1-43.56.3","libreoffice-l10n-pt_PT":"6.2.7.1-43.56.3","libreoffice-l10n-ro":"6.2.7.1-43.56.3","libreoffice-l10n-ru":"6.2.7.1-43.56.3","libreoffice-l10n-sk":"6.2.7.1-43.56.3","libreoffice-l10n-sv":"6.2.7.1-43.56.3","libreoffice-l10n-xh":"6.2.7.1-43.56.3","libreoffice-l10n-zh_CN":"6.2.7.1-43.56.3","libreoffice-l10n-zh_TW":"6.2.7.1-43.56.3","libreoffice-l10n-zu":"6.2.7.1-43.56.3","libreoffice-mailmerge":"6.2.7.1-43.56.3","libreoffice-math":"6.2.7.1-43.56.3","libreoffice-officebean":"6.2.7.1-43.56.3","libreoffice-pyuno":"6.2.7.1-43.56.3","libreoffice-writer":"6.2.7.1-43.56.3","libreoffice-writer-extensions":"6.2.7.1-43.56.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Desktop 12 SP4","name":"libreoffice","purl":"pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.2.7.1-43.56.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libreoffice-sdk":"6.2.7.1-43.56.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Software Development Kit 12 SP4","name":"libreoffice","purl":"pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.2.7.1-43.56.3"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"libreoffice":"6.2.7.1-43.56.3","libreoffice-base":"6.2.7.1-43.56.3","libreoffice-base-drivers-postgresql":"6.2.7.1-43.56.3","libreoffice-branding-upstream":"6.2.7.1-43.56.3","libreoffice-calc":"6.2.7.1-43.56.3","libreoffice-calc-extensions":"6.2.7.1-43.56.3","libreoffice-draw":"6.2.7.1-43.56.3","libreoffice-filters-optional":"6.2.7.1-43.56.3","libreoffice-gnome":"6.2.7.1-43.56.3","libreoffice-gtk2":"6.2.7.1-43.56.3","libreoffice-icon-themes":"6.2.7.1-43.56.3","libreoffice-impress":"6.2.7.1-43.56.3","libreoffice-l10n-af":"6.2.7.1-43.56.3","libreoffice-l10n-ar":"6.2.7.1-43.56.3","libreoffice-l10n-bg":"6.2.7.1-43.56.3","libreoffice-l10n-ca":"6.2.7.1-43.56.3","libreoffice-l10n-cs":"6.2.7.1-43.56.3","libreoffice-l10n-da":"6.2.7.1-43.56.3","libreoffice-l10n-de":"6.2.7.1-43.56.3","libreoffice-l10n-en":"6.2.7.1-43.56.3","libreoffice-l10n-es":"6.2.7.1-43.56.3","libreoffice-l10n-fi":"6.2.7.1-43.56.3","libreoffice-l10n-fr":"6.2.7.1-43.56.3","libreoffice-l10n-gu":"6.2.7.1-43.56.3","libreoffice-l10n-hi":"6.2.7.1-43.56.3","libreoffice-l10n-hr":"6.2.7.1-43.56.3","libreoffice-l10n-hu":"6.2.7.1-43.56.3","libreoffice-l10n-it":"6.2.7.1-43.56.3","libreoffice-l10n-ja":"6.2.7.1-43.56.3","libreoffice-l10n-ko":"6.2.7.1-43.56.3","libreoffice-l10n-lt":"6.2.7.1-43.56.3","libreoffice-l10n-nb":"6.2.7.1-43.56.3","libreoffice-l10n-nl":"6.2.7.1-43.56.3","libreoffice-l10n-nn":"6.2.7.1-43.56.3","libreoffice-l10n-pl":"6.2.7.1-43.56.3","libreoffice-l10n-pt_BR":"6.2.7.1-43.56.3","libreoffice-l10n-pt_PT":"6.2.7.1-43.56.3","libreoffice-l10n-ro":"6.2.7.1-43.56.3","libreoffice-l10n-ru":"6.2.7.1-43.56.3","libreoffice-l10n-sk":"6.2.7.1-43.56.3","libreoffice-l10n-sv":"6.2.7.1-43.56.3","libreoffice-l10n-uk":"6.2.7.1-43.56.3","libreoffice-l10n-xh":"6.2.7.1-43.56.3","libreoffice-l10n-zh_CN":"6.2.7.1-43.56.3","libreoffice-l10n-zh_TW":"6.2.7.1-43.56.3","libreoffice-l10n-zu":"6.2.7.1-43.56.3","libreoffice-mailmerge":"6.2.7.1-43.56.3","libreoffice-math":"6.2.7.1-43.56.3","libreoffice-officebean":"6.2.7.1-43.56.3","libreoffice-pyuno":"6.2.7.1-43.56.3","libreoffice-writer":"6.2.7.1-43.56.3","libreoffice-writer-extensions":"6.2.7.1-43.56.3"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Workstation Extension 12 SP4","name":"libreoffice","purl":"pkg:rpm/suse/libreoffice&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.2.7.1-43.56.3"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for libreoffice to version 6.2.7.1 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2019-9849: Disabled fetching remote bullet graphics in 'stealth mode' (bsc#1141861).\n- CVE-2019-9848: Fixed an arbitrary script execution via LibreLogo (bsc#1141862).\n- CVE-2019-9851: Fixed LibreLogo global-event script execution issue (bsc#1146105).\n- CVE-2019-9852: Fixed insufficient URL encoding flaw in allowed script location check (bsc#1146107).\n- CVE-2019-9850: Fixed insufficient URL validation that allowed LibreLogo script execution (bsc#1146098).\n- CVE-2019-9854: Fixed unsafe URL assembly flaw (bsc#1149944).\n- CVE-2019-9855: Fixed path equivalence handling flaw (bsc#1149943)\n\nNon-security issue fixed:\n\n- SmartArt: Basic rendering of Trapezoid List (bsc#1133534)\n","id":"SUSE-SU-2019:2401-1","modified":"2019-09-18T11:50:02Z","published":"2019-09-18T11:50:02Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2019/suse-su-20192401-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1133534"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141861"},{"type":"REPORT","url":"https://bugzilla.suse.com/1141862"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146098"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146105"},{"type":"REPORT","url":"https://bugzilla.suse.com/1146107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149943"},{"type":"REPORT","url":"https://bugzilla.suse.com/1149944"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9848"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9849"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9850"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9851"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9852"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9854"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-9855"}],"related":["CVE-2019-9848","CVE-2019-9849","CVE-2019-9850","CVE-2019-9851","CVE-2019-9852","CVE-2019-9854","CVE-2019-9855"],"summary":"Security update for libreoffice","upstream":["CVE-2019-9848","CVE-2019-9849","CVE-2019-9850","CVE-2019-9851","CVE-2019-9852","CVE-2019-9854","CVE-2019-9855"]}