Debian Package Tracker

general

source: libreoffice (main)
version: 1:6.3.0-2
maintainer: Debian LibreOffice Maintainers (archive) (DMD)
uploaders: Rene Engelhard [DMD] – Chris Halls [DMD]
arch: all alpha amd64 arm64 armel armhf hppa i386 ia64 kfreebsd-amd64 kfreebsd-i386 m68k mips mips64 mips64el mipsel powerpc powerpcspe ppc64 ppc64el s390 s390x sparc sparc64
std-ver: 4.0.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1:4.3.3-2+deb8u11
o-o-sec: 1:4.3.3-2+deb8u12
oldstable: 1:5.2.7-1+deb9u7
old-sec: 1:5.2.7-1+deb9u10
old-bpo: 1:6.1.5-3+deb10u2~bpo9+1
old-p-u: 1:5.2.7-1+deb9u10
stable: 1:6.1.5-3
stable-sec: 1:6.1.5-3+deb10u3
stable-bpo: 1:6.3.0-2~bpo10+1
stable-p-u: 1:6.1.5-3+deb10u3
testing: 1:6.3.0-2
unstable: 1:6.3.0-2

versioned links

1:4.3.3-2+deb8u11: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.3.3-2+deb8u12: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.2.7-1+deb9u7: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:5.2.7-1+deb9u10: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.0.6~rc1-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.0.6~rc1-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.1.5-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.1.5-3+deb10u2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.1.5-3+deb10u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.3.0-2~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:6.3.0-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

fonts-opensymbol
gir1.2-lokdocview-0.1
liblibreofficekitgtk
libreoffice (44 bugs: 0, 33, 11, 0)
libreoffice-avmedia-backend-gstreamer
libreoffice-base (9 bugs: 0, 8, 1, 0)
libreoffice-base-core
libreoffice-base-drivers
libreoffice-calc (17 bugs: 0, 15, 2, 0)
libreoffice-common (13 bugs: 0, 6, 7, 0)
libreoffice-core (4 bugs: 1, 3, 0, 0)
libreoffice-dev
libreoffice-dev-common
libreoffice-dev-doc
libreoffice-draw (2 bugs: 0, 2, 0, 0)
libreoffice-evolution
libreoffice-gnome
libreoffice-gtk2 (2 bugs: 0, 1, 1, 0)
libreoffice-gtk3 (4 bugs: 0, 4, 0, 0)
libreoffice-help-ca
libreoffice-help-common
libreoffice-help-cs
libreoffice-help-da
libreoffice-help-de
libreoffice-help-dz
libreoffice-help-el
libreoffice-help-en-gb
libreoffice-help-en-us
libreoffice-help-es
libreoffice-help-et
libreoffice-help-eu
libreoffice-help-fi
libreoffice-help-fr
libreoffice-help-gl
libreoffice-help-hi
libreoffice-help-hu
libreoffice-help-id
libreoffice-help-it
libreoffice-help-ja
libreoffice-help-km
libreoffice-help-ko
libreoffice-help-nl
libreoffice-help-om
libreoffice-help-pl
libreoffice-help-pt
libreoffice-help-pt-br
libreoffice-help-ru
libreoffice-help-sk
libreoffice-help-sl
libreoffice-help-sv
libreoffice-help-tr
libreoffice-help-vi
libreoffice-help-zh-cn
libreoffice-help-zh-tw
libreoffice-impress (10 bugs: 0, 9, 1, 0)
libreoffice-java-common
libreoffice-kde5
libreoffice-l10n-af
libreoffice-l10n-am
libreoffice-l10n-ar
libreoffice-l10n-as
libreoffice-l10n-ast
libreoffice-l10n-be
libreoffice-l10n-bg
libreoffice-l10n-bn
libreoffice-l10n-br
libreoffice-l10n-bs
libreoffice-l10n-ca
libreoffice-l10n-cs
libreoffice-l10n-cy
libreoffice-l10n-da
libreoffice-l10n-de
libreoffice-l10n-dz
libreoffice-l10n-el
libreoffice-l10n-en-gb
libreoffice-l10n-en-za
libreoffice-l10n-eo
libreoffice-l10n-es (1 bugs: 0, 1, 0, 0)
libreoffice-l10n-et
libreoffice-l10n-eu
libreoffice-l10n-fa
libreoffice-l10n-fi
libreoffice-l10n-fr
libreoffice-l10n-ga
libreoffice-l10n-gd
libreoffice-l10n-gl
libreoffice-l10n-gu
libreoffice-l10n-gug
libreoffice-l10n-he
libreoffice-l10n-hi
libreoffice-l10n-hr
libreoffice-l10n-hu
libreoffice-l10n-id
libreoffice-l10n-in
libreoffice-l10n-is
libreoffice-l10n-it
libreoffice-l10n-ja
libreoffice-l10n-ka
libreoffice-l10n-kk
libreoffice-l10n-km
libreoffice-l10n-kmr
libreoffice-l10n-kn
libreoffice-l10n-ko
libreoffice-l10n-lt
libreoffice-l10n-lv
libreoffice-l10n-mk
libreoffice-l10n-ml
libreoffice-l10n-mn
libreoffice-l10n-mr
libreoffice-l10n-nb
libreoffice-l10n-ne
libreoffice-l10n-nl
libreoffice-l10n-nn
libreoffice-l10n-nr
libreoffice-l10n-nso
libreoffice-l10n-oc
libreoffice-l10n-om
libreoffice-l10n-or
libreoffice-l10n-pa-in
libreoffice-l10n-pl
libreoffice-l10n-pt
libreoffice-l10n-pt-br
libreoffice-l10n-ro
libreoffice-l10n-ru
libreoffice-l10n-rw
libreoffice-l10n-si
libreoffice-l10n-sk
libreoffice-l10n-sl
libreoffice-l10n-sr
libreoffice-l10n-ss
libreoffice-l10n-st
libreoffice-l10n-sv
libreoffice-l10n-ta
libreoffice-l10n-te
libreoffice-l10n-tg
libreoffice-l10n-th
libreoffice-l10n-tn
libreoffice-l10n-tr
libreoffice-l10n-ts
libreoffice-l10n-ug
libreoffice-l10n-uk
libreoffice-l10n-uz
libreoffice-l10n-ve
libreoffice-l10n-vi
libreoffice-l10n-xh
libreoffice-l10n-za
libreoffice-l10n-zh-cn
libreoffice-l10n-zh-tw
libreoffice-l10n-zu
libreoffice-librelogo
libreoffice-math
libreoffice-mysql-connector
libreoffice-nlpsolver
libreoffice-officebean
libreoffice-qt5
libreoffice-report-builder
libreoffice-report-builder-bin
libreoffice-script-provider-bsh
libreoffice-script-provider-js
libreoffice-script-provider-python
libreoffice-sdbc-firebird
libreoffice-sdbc-hsqldb
libreoffice-sdbc-mysql
libreoffice-sdbc-postgresql (1 bugs: 0, 1, 0, 0)
libreoffice-smoketest-data
libreoffice-style-breeze
libreoffice-style-colibre
libreoffice-style-elementary
libreoffice-style-karasa-jaga
libreoffice-style-sifr
libreoffice-style-tango
libreoffice-subsequentcheckbase
libreoffice-wiki-publisher
libreoffice-writer (41 bugs: 0, 33, 8, 0)
libreofficekit-data
libreofficekit-dev
python3-uno
uno-libs3
ure

action needed

Debci reports failed tests high

testing: pass (log)
The tests ran in 2h 22m 9s
Last run: 2019-08-21 09:58:24
Previous status: pass

stable: pass (log)
The tests ran in 2h 16m 12s
Last run: 2019-08-20 09:45:28
Previous status: pass

unstable: fail (log)
The tests ran in 4h 54m 18s
Last run: 2019-08-21 14:14:56
Previous status: pass

Created: 2019-08-21 Last update: 2019-08-21 15:31

5 security issues in jessie high

There are 5 open security issues in jessie.

5 important issues:

CVE-2019-9849: LibreOffice has a 'stealth mode' in which only documents from locations deemed 'trusted' are allowed to retrieve remote resources. This mode is not the default mode, but can be enabled by users who want to disable LibreOffice's ability to include remote resources within a document. A flaw existed where bullet graphics were omitted from this protection prior to version 6.2.5. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.
CVE-2019-9852: LibreOffice has a feature where documents can specify that pre-installed macros can be executed on various script events such as mouse-over, document-open etc. Access is intended to be restricted to scripts under the share/Scripts/python, user/Scripts/python sub-directories of the LibreOffice install. Protection was added, to address CVE-2018-16858, to avoid a directory traversal attack where scripts in arbitrary locations on the file system could be executed. However this new protection could be bypassed by a URL encoding attack. In the fixed versions, the parsed url describing the script location is correctly encoded before further processing. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
CVE-2019-9851: LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from document event script handers, e.g. mouse over. However LibreOffice also has a separate feature where documents can specify that pre-installed scripts can be executed on various global script events such as document-open, etc. In the fixed versions, global script event handlers are validated equivalently to document script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
CVE-2019-9850: LibreOffice is typically bundled with LibreLogo, a programmable turtle vector graphics script, which can execute arbitrary python commands contained with the document it is launched from. LibreOffice also has a feature where documents can specify that pre-installed scripts can be executed on various document script events such as mouse-over, etc. Protection was added, to address CVE-2019-9848, to block calling LibreLogo from script event handers. However an insufficient url validation vulnerability in LibreOffice allowed malicious to bypass that protection and again trigger calling LibreLogo from script event handlers. This issue affects: Document Foundation LibreOffice versions prior to 6.2.6.
CVE-2019-9848: LibreOffice has a feature where documents can specify that pre-installed scripts can be executed on various document events such as mouse-over, etc. LibreOffice is typically also bundled with LibreLogo, a programmable turtle vector graphics script, which can be manipulated into executing arbitrary python commands. By using the document event feature to trigger LibreLogo to execute python contained within a document a malicious document could be constructed which would execute arbitrary python commands silently without warning. In the fixed versions, LibreLogo cannot be called from a document event handler. This issue affects: Document Foundation LibreOffice versions prior to 6.2.5.

Please fix them.

Created: 2019-07-16 Last update: 2019-08-17 04:15

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-08-21 16:08

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2019-01-05 Last update: 2019-08-21 14:34

Depends on packages which need a new maintainer normal

The packages that libreoffice depends on which need a new maintainer are:

openclipart (#690518)
- Suggests: openclipart-libreoffice
coinutils (#934088)
- Build-Depends: coinor-libcoinutils-dev
- Depends: coinor-libcoinutils3v5
coinor-cbc (#934084)
- Depends: coinor-libcbc3

Created: 2017-12-02 Last update: 2019-08-21 14:12

Multiarch hinter reports 6 issue(s) normal

There are issues with the multiarch metadata for this package.

libreoffice-dev-doc could be marked Multi-Arch: foreign
libreoffice-smoketest-data could be marked Multi-Arch: foreign
gir1.2-lokdocview-0.1 could be marked Multi-Arch: same
libreoffice could be marked Multi-Arch: same
libreoffice-avmedia-backend-gstreamer could be marked Multi-Arch: same
libreofficekit-dev could be marked Multi-Arch: same

Created: 2016-09-14 Last update: 2019-08-21 12:02

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 1:6.3.1~rc2~git20190819-1, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 82bd5b9872e30a4765e5050d3fc8bbb0edcc9f03
Author: Rene Engelhard <rene@debian.org>
Date:   Tue Aug 13 22:47:25 2019 +0200

    ENABLE_EXPORT_VALIDATION_TESTS=n if USE_SOURCE_TARBALLS=y

commit 805e799d807090fb3235c9876082fe069293bc21
Author: Rene Engelhard <rene@debian.org>
Date:   Mon Aug 19 17:46:35 2019 +0200

    git update; closes: #934779

commit 9fd798205aa60f80fbc5d0dfbb0b7c02ea70b4d7
Author: Rene Engelhard <rene@debian.org>
Date:   Thu Aug 15 18:02:50 2019 +0200

    mention CVE-2019-9850/CVE-2019-9851/CVE-2019-9852 in 1:6.3.0-1s changelog

commit 2d177595de1988ed9b50cf46d2e3c269bd515c05
Author: Rene Engelhard <rene@debian.org>
Date:   Fri Aug 9 20:15:50 2019 +0200

    another typo...

Created: 2019-07-19 Last update: 2019-08-19 18:21

AppStream hints: 10 warnings normal

AppStream found metadata issues for packages:

libreoffice-impress: 2 warnings
libreoffice-writer: 2 warnings
libreoffice-calc: 2 warnings
libreoffice-draw: 2 warnings
libreoffice-base: 2 warnings

You should get rid of them to provide more metadata about this software.

Created: 2019-08-17 Last update: 2019-08-17 20:56

RFH: The maintainer is looking for help with this package. normal

The current maintainer is looking for someone who can help with the maintenance of this package. If you are interested in this package, please consider helping out. One way you can help is offer to be a co-maintainer or triage bugs in the BTS. Please see bug number #419523 for more information.

Created: 2017-12-02 Last update: 2017-12-02 00:26

Build log checks report 1 warning low

Build log checks report 1 warning

Created: 2019-08-10 Last update: 2019-08-10 09:04

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.0.1).

Created: 2017-08-31 Last update: 2019-08-09 23:27

testing migrations

This package will soon be part of the auto-evolution-data-server transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.
This package will soon be part of the auto-liborcus transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2019-08-17] Accepted libreoffice 1:6.1.5-3+deb10u3 (source) into proposed-updates->stable-new, proposed-updates (Rene Engelhard) (signed by: René Engelhard)
[2019-08-17] Accepted libreoffice 1:6.1.5-3+deb10u2 (source) into proposed-updates->stable-new, proposed-updates (Rene Engelhard) (signed by: René Engelhard)
[2019-08-17] Accepted libreoffice 1:6.1.5-3+deb10u1 (source) into proposed-updates->stable-new, proposed-updates (Rene Engelhard) (signed by: René Engelhard)
[2019-08-16] Accepted libreoffice 1:5.2.7-1+deb9u10 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Rene Engelhard) (signed by: René Engelhard)
[2019-08-16] Accepted libreoffice 1:5.2.7-1+deb9u9 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Rene Engelhard) (signed by: René Engelhard)
[2019-08-16] Accepted libreoffice 1:5.2.7-1+deb9u8 (source) into oldstable-proposed-updates->oldstable-new, oldstable-proposed-updates (Rene Engelhard) (signed by: René Engelhard)
[2019-08-15] Accepted libreoffice 1:6.1.5-3+deb10u3 (source) into stable->embargoed, stable (Rene Engelhard) (signed by: René Engelhard)
[2019-08-15] Accepted libreoffice 1:5.2.7-1+deb9u10 (source) into oldstable->embargoed, oldstable (Rene Engelhard) (signed by: René Engelhard)
[2019-08-13] libreoffice 1:6.3.0-2 MIGRATED to testing (Debian testing watch)
[2019-08-12] Accepted libreoffice 1:6.3.0-2~bpo10+1 (source) into buster-backports (Rene Engelhard) (signed by: René Engelhard)
[2019-08-09] Accepted libreoffice 1:6.3.0-2 (source) into unstable (Rene Engelhard) (signed by: René Engelhard)
[2019-08-08] Accepted libreoffice 1:6.3.0-1 (source) into unstable (Rene Engelhard) (signed by: René Engelhard)
[2019-07-28] Accepted libreoffice 1:6.3.0~rc2-1~bpo10+1 (all amd64 source) into buster-backports, buster-backports (Rene Engelhard) (signed by: René Engelhard)
[2019-07-28] libreoffice 1:6.3.0~rc2-1 MIGRATED to testing (Debian testing watch)
[2019-07-22] Accepted libreoffice 1:6.3.0~rc2-1 (source) into unstable (Rene Engelhard) (signed by: René Engelhard)
[2019-07-17] Accepted libreoffice 1:6.3.0~rc1-2 (source) into unstable (Rene Engelhard) (signed by: René Engelhard)
[2019-07-17] Accepted libreoffice 1:6.1.5-3+deb10u2~bpo9+1 (source) into stretch-backports->backports-policy, stretch-backports (Rene Engelhard) (signed by: René Engelhard)
[2019-07-16] Accepted libreoffice 1:5.2.7-1+deb9u8 (source) into oldstable->embargoed, oldstable (Rene Engelhard) (signed by: René Engelhard)
[2019-07-16] Accepted libreoffice 1:6.1.5-3+deb10u1 (source) into stable->embargoed, stable (Rene Engelhard) (signed by: René Engelhard)
[2019-07-16] Accepted libreoffice 1:6.1.5-3+deb10u2 (source) into stable->embargoed, stable (Rene Engelhard) (signed by: René Engelhard)
[2019-07-16] Accepted libreoffice 1:5.2.7-1+deb9u9 (source) into oldstable->embargoed, oldstable (Rene Engelhard) (signed by: René Engelhard)
[2019-07-07] Accepted libreoffice 1:6.3.0~rc1-1 (source all amd64) into unstable (Rene Engelhard) (signed by: René Engelhard)
[2019-06-22] Accepted libreoffice 1:6.3.0~beta2-2 (source) into experimental (Rene Engelhard) (signed by: René Engelhard)
[2019-06-21] Accepted libreoffice 1:6.3.0~beta2-1 (source) into experimental (Rene Engelhard) (signed by: René Engelhard)
[2019-06-03] Accepted libreoffice 1:6.3.0~beta1-2 (source) into experimental (Rene Engelhard) (signed by: René Engelhard)
[2019-06-01] Accepted libreoffice 1:6.3.0~beta1-1 (source) into experimental (Rene Engelhard) (signed by: René Engelhard)
[2019-05-17] Accepted libreoffice 1:6.3.0~alpha1-2 (source) into experimental (Rene Engelhard) (signed by: René Engelhard)
[2019-05-14] Accepted libreoffice 1:6.3.0~alpha1-1 (source) into experimental (Rene Engelhard) (signed by: René Engelhard)
[2019-05-07] Accepted libreoffice 1:6.2.4~rc1-1 (source) into experimental (Rene Engelhard) (signed by: René Engelhard)
[2019-04-18] Accepted libreoffice 1:5.2.7-1+deb9u7 (source) into proposed-updates->stable-new, proposed-updates (Rene Engelhard) (signed by: René Engelhard)

bugs [bug history graph]

all: 153 160
RC: 1
I&N: 117 122
M&W: 33 35
F&P: 2
patch: 1

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1:6.2.5-0ubuntu1
595 bugs (1 patch)
patches for 1:6.2.5-0ubuntu1