-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5908-1
[email protected] https://www.debian.org/security/ Moritz Muehlenhoff
April 28, 2025
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : libreoffice
CVE ID : CVE-2025-2866
Juray Sarinay discovered that PDF documents signed with the
adbe.pkcs7.sha1 standard were incompletely validated by LibreOffice,
which could cause invalid signatures to be accepted as legitimate.
For the stable distribution (bookworm), this problem has been fixed in
version 4:7.4.7-1+deb12u8.
We recommend that you upgrade your libreoffice packages.
For the detailed security status of libreoffice please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgP1KwACgkQEMKTtsN8 TjasuRAAnAPyCH3STHeXsEVJiHnk/msFh95HPxkf9FtXnIwZqAq02CDzAJJi+9SI a6KsPZ1tKUTgNMSd0dt7z4/jRlaB81uiaRqwinrLu153bObzmg8vigI7jglN0BiC 19TDG2+dlEKueOah6h59PFf/8oe3LZ3xHJIydN8f0u7XtUrUIg/+dBS1Zwbr4uWv jIW+HSwbpOKSBD70SeovB6kkWuF6xGVcjfHuBcn0bwwjsXInJYJKBOCChEHAynpA p8fecyHGRXVd2rjdQx3A8edP5NkfwXvECB220Sc2lF/8usxLVRXPdgVUlU1nWE5T FDPUkJ6AsyysJjnnoTHRiOanxgAZPkQbioeTl117Zwv2ckgyIkdX3/dvwgJPZC5p o3hpnc+Ie96pm4gNNO+0pa2cC+0m6jlz518XYhwak+M5IgFbjekpD9klQqLNPn6d gba03ovqu/Tz683mIl5EWNGPIZwpouRgL9IRphtOaxp3hkrDzonhH7brv2xIC55n pI97BoHbl8xNXC/CMDIMsF7IRPTH5ydKJXMqEmcoYfhcsrxqizemq7MbKZpWU+CV ZOhGZbIS3rGdm+/RYWKqpIiOwDeddQP+9kzBjLQeVlOhUQM+c4lTd05Y8w987BvP SSayZ+2pg5zIcdnC7HSLNAeXhuqV0VAX8/diVI70B/W87CIdMn0=
=Yqcr
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)