-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5873-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 04, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : libreoffice
CVE ID         : CVE-2025-1080

Amel Bouziane-Leblond discovered that insufficient validation of
"vnd.libreoffice.command" URI schemes could result in the execution of
arbitrary macro commands.

For the stable distribution (bookworm), this problem has been fixed in
version 4:7.4.7-1+deb12u7.

We recommend that you upgrade your libreoffice packages.

For the detailed security status of libreoffice please refer to its
security tracker page at:
https://security-tracker.debian.org/tracker/libreoffice

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmfHcJdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RUYA//UF/CS3skm3ZUSUI6njwue6qrNodsqtF0/BwpVG1v3g1kX/1yUGGrPc8s
DgbCPJauD1rtlyVnlB2WeVWGOjKxP0ngGZ39KOcMdLHCu/mh2UR52OnOuw0R7Gpl
3i81VYMiKSNqHu/iz/6ae9NWYCax1k5f6a2I1WBQG2Q1/u5a/Ms+MaRoss4t7E5z
ZyBVFTEImTz0Mj1TrU7ZdOquWJwaLR1I/mrPI5Ln2MySl6jSgh5ngCaPHChBLtJK
Glh/kU+WN7tovWiDuCltp2v/jI+SZuD8g0IDzbjZ5KsDZMNmHxxX2e8jhQeWElcH
wguBofOzzIFt3k8hM1/Mmuv/WGWKIQXl3GO7ZBW29Cc5WZ3qbHsCIIL/VsjIvD3k
1ymfrEdrZj8o7UqQYr3EORnIXUc52/8KPaZEQ1Cd+bKbc9sm0PIyYGpxGdq3Biuf
wY5gTHakgq9nvTWtGGAiGkGPz2ENgSUnN0+D/iF9W/elILoGza7CKqVamNgXcd7F
jOd0b5RLQC00XDPVRqI9qKVTOR3F4ByD7/JtqdJEmtlU1y8heuifiujUX1iP28UJ
cATKC9IeQJED2a2XDVPJ82dR0KyTX1fQfhgldNajdLW9FFKCyyfAG7KeJ1scYqBl
BkC+7Mne/N5hJZeo/iyFBiM/Z0MHwntUpirh/S4aQy4Z7eIHecE=
=Qzs3
-----END PGP SIGNATURE-----