[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[tdf-discuss] security related information, CVE-2020-12802, CVE-2020-12803
- Subject: [tdf-discuss] security related information, CVE-2020-12802, CVE-2020-12803
- From: Caolán McNamara <email@example.com>
- Date: Mon, 08 Jun 2020 16:08:46 +0100
- To: firstname.lastname@example.org
CVE-2020-12802 remote graphics contained in docx format retrieved in
If you are using the (off by default) setting to only allow documents
in "trusted location" to download remote resources then 6.4.4 fixes a
case in the .docx import path where that protection didn't apply.
CVE-2020-12803 XForms submissions could overwrite local files
ODF documents can contain forms similar to HTML forms where a user
typically clicks on a submit button to submit the data to a web server.
Prior to 6.4.4 the destination could be a local file, raising the
possibility that a malicious document could be constructed to maximize
the likelihood that the user could inadvertently overwrite a local
file. In 6.4.4 this feature is limited to http[s] URLs.
To unsubscribe e-mail to: email@example.com
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/