| Package | libreoffice |
|---|---|
| Version | 1:6.1.5-3+deb9u4 (stretch), 1:6.1.5-3+deb10u13 (buster) |
| Related CVEs | CVE-2024-6472 |
libreoffice a popular office productivity software suite, was vulnerable.
Certificate Validation user interface in LibreOffice allowed a potential vulnerability. Signed macros are scripts that have been digitally signed by the developer using a cryptographic signature. When a document with a signed macro is opened a warning is displayed by LibreOffice before the macro is executed.
Previously, if verification failed the user could fail to understand the failure and may choose to enable the macros anyway.
For Debian 10 buster, these problems have been fixed in version 1:6.1.5-3+deb10u13.
For Debian 9 stretch, these problems have been fixed in version 1:6.1.5-3+deb9u4.
We recommend that you upgrade your libreoffice packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.