-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Oct 2021 12:37:28 +0200 Source: libreoffice Architecture: source Version: 1:7.0.4-4+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org> Changed-By: Rene Engelhard <rene@debian.org> Changes: libreoffice (1:7.0.4-4+deb11u1) bullseye-security; urgency=high . * backport fixes from libreoffice-7-0 branch: - xmlsecurity-replace-XSecParser-implementation.diff - xmlsecurity-improve-handling-of-multiple-X509Data-elements.diff: (fixes CVE-2021-25633 "Double Certificate Attack") - xmlsecurity-XSecParser-confused-about-multiple-timestamps.diff, xmlsecurity-ignore-elements-in-ds:Object-that-arent-signed.diff: (fixes CVE-2021-25634 "Timestamp Manipulation with Signature Wrapping") - default-to-CertificateValidity::INVALID.diff: (fixes CVE-2021-25635 "Content Manipulation with Certificate Validation Attack") Checksums-Sha1: 76233ff46ef3a7221c1872d8abe85e53d63b90d8 31345 libreoffice_7.0.4-4+deb11u1.dsc cdbd0cc8c305db165d117e12de86c93e98d6e7c3 110142616 libreoffice_7.0.4.orig-helpcontent2.tar.xz 12a5024b20272d8e20d6d503bfbb46c35b6c4d1e 176691588 libreoffice_7.0.4.orig-translations.tar.xz 8ffff9e324ec3b72ef521cfaea9600b783d0c53c 236477520 libreoffice_7.0.4.orig.tar.xz 66cea38b1450e5527dba5f074733ac937e0bc029 833 libreoffice_7.0.4.orig.tar.xz.asc 3705a4f12565e5dc8a76a0dc141d8aa3db403143 19507204 libreoffice_7.0.4-4+deb11u1.debian.tar.xz 42f8db2a0a7795b6aeb332da4736b9881234233b 36417 libreoffice_7.0.4-4+deb11u1_source.buildinfo Checksums-Sha256: 22f3b5af8a498e4993488e024768d0bc268fa113e873bdecd976ea8b836f5028 31345 libreoffice_7.0.4-4+deb11u1.dsc 8311462f214e27841ba4970bbae518b9a4b2088380877b8dff5e2005587357c1 110142616 libreoffice_7.0.4.orig-helpcontent2.tar.xz 28d7421771af20a310983dec5c64da8103eb6a159e098c6e5f1a1c1e6731e146 176691588 libreoffice_7.0.4.orig-translations.tar.xz 9fa9d2cc8d02f12b1f302b93056d5c0ff986090a6f309bafa506ba53779f2abd 236477520 libreoffice_7.0.4.orig.tar.xz 773a0034f2f4a26e3e285ac605e704df6d90b06722af64b95e42ea4452a34b91 833 libreoffice_7.0.4.orig.tar.xz.asc 8b406e49643e9cb8343bb22d2a59d18ff6cf8c4f71e9cff42243ca5c64a3fdcd 19507204 libreoffice_7.0.4-4+deb11u1.debian.tar.xz 38f98ec7a3c712e21ae1410b8d48f157999f53ef22e3b24f5a1d38b152fe9d99 36417 libreoffice_7.0.4-4+deb11u1_source.buildinfo Files: b7737be7afb227694cb556403175023a 31345 editors optional libreoffice_7.0.4-4+deb11u1.dsc f76a9b75c5b2e334751b3bda4c3bce9c 110142616 editors optional libreoffice_7.0.4.orig-helpcontent2.tar.xz ec39192b68eabc0b56405a96f31bc165 176691588 editors optional libreoffice_7.0.4.orig-translations.tar.xz cad93ef2c87928b5a2971ae7e6474fe1 236477520 editors optional libreoffice_7.0.4.orig.tar.xz 95f6830c549f3393ac49f0c743ba9a20 833 editors optional libreoffice_7.0.4.orig.tar.xz.asc 647fa2fd7e0db1de5e6ac48b836be766 19507204 editors optional libreoffice_7.0.4-4+deb11u1.debian.tar.xz 5525cc15dd1beb3d462405440b30a480 36417 editors optional libreoffice_7.0.4-4+deb11u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAmFiyXkQHHJlbmVAZGVi aWFuLm9yZwAKCRAKoEVx0D4+cPMHD/9TVVLB3RPc52Qr88Z2l/oRUOiJjNKf/lVx Awz1HrETm+22vLnLB9z6nCuoY2wA5ssS3GFf3hMwdOjtI3+vEzsQBo/5yucXpMwn lTaIVpf3SDmmDPc1MH2UNNcuX+C86dnn8fsn8bGFuDfLcm2b0wabzTLwRpFtWOuQ ngs9SLjSL1gJVUcdjtUH9cdMjv7cyM4cydwireQZevmhS1Z/ERT7yCPcbm9WgFlC RYtA5viWlLwePOE4jaE1AmccfPJqAYqfxRTPCbrunsDCJNgkSRMML9Mi3dCsNyNv MLNWM/SxOqAVO54sbeu0LqIJAaRFAYnGZPIsUk9J+ZScLl9iWRgm9ax59KjraahV GGt3FeGjXz8IeKWRYyfvJpW5UBYiTgiQU+pvt4ikYHYgdmKO0V0tGT1WGq0XXMeO x8kQBMnmNHPkW/6ARtkuwuVOPu60dX0f+rFE0mQRn0yp/T30oJ3hvD3a23fg66cl 0xJ3xgWBH18Wb1lny2abhtoAahvEvDLyQuVw/0/00qWNvguH/hQteWeeL3OHuEol 6ZT0uwLxDv/0rhpn0c4gSLxaJhJ+tJRj3yvPgMvgJSGaym0No4UOKuhzcgrFiURL xFLQfJ29rHBK1CeNo89K+6+LF5Zg9G9JFC8yw7dDM1bvKHN2ivPLZSqTBzxHXzQS 731Xw4E6AA== =NfkH -----END PGP SIGNATURE-----