[tdf-discuss] CVE-2019-9847 – The Document Foundation Mailing List Archives

[tdf-discuss] CVE-2019-9847

Caolán McNamara <caolanm -AT- redhat.com>

Wed, 08 May 2019 11:19:42 +0100

tl;dr: Upgrade to 6.1.6 or 6.2.3 CVE-2019-9847 Executable hyperlink targets executed unconditionally on activation Before 6.1.6/6.2.3 under Windows and macOS when processing a hyperlink target explicitly activated by the user, as in you explicitly click on a hyperlink in some LibreOffice application, there was no judgment made on whether the target was an executable file, so such executable targets were launched unconditionally. In the fixed versions, such executables are not executed on hyperlink activation. -- To unsubscribe e-mail to: discuss+unsubscribe@documentfoundation.org Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/ Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette List archive: https://listarchives.documentfoundation.org/www/discuss/ Privacy Policy: https://www.documentfoundation.org/privacy

Context

[tdf-discuss] CVE-2019-9847 · Caolán McNamara

Privacy Policy | Impressum (Legal Info) | Copyright information: Unless otherwise specified, all text and images on this website are licensed under the Creative Commons Attribution-Share Alike 3.0 License. This does not include the source code of LibreOffice, which is licensed under the Mozilla Public License (MPLv2). "LibreOffice" and "The Document Foundation" are registered trademarks of their corresponding registered owners or are in actual use as trademarks in one or more countries. Their respective logos and icons are also subject to international copyright laws. Use thereof is explained in our trademark policy.