[Libreoffice-commits] core.git: Changes to 'feature/cib_contract3197'
Michael Stahl (via logerrit)
logerrit at kemper.freedesktop.org
Wed Jun 12 15:59:36 UTC 2019
New branch 'feature/cib_contract3197' available with the following commits:
commit 838eb4c8915997fed81f106c8f9641e366a9ff82
Author: Michael Stahl <Michael.Stahl at cib.de>
Date: Wed May 22 11:40:54 2019 +0200
curl: upgrade to release 7.65.0
Fixes CVE-2019-5435. It looks like this is not a problem on 32-bit
Windows because fortunately we don't use /LARGEADDRESSAWARE flag
to set IMAGE_FILE_LARGE_ADDRESS_AWARE... but on 32-bit Linux
the user-space VM is 3GB so an exploit might be possible.
Apparently there's no code in LO that uses the CURLU_URLENCODE flag.
The other one, CVE-2019-5436, doesn't matter because we disable tftp.
Change-Id: I0d4f087befa5a3c4fb21ec36761dad68932425d9
Reviewed-on: https://gerrit.libreoffice.org/72732
Tested-by: Jenkins
Reviewed-by: Michael Stahl <Michael.Stahl at cib.de>
(cherry picked from commit edb01616ac176401650c35d938c75c6c5558a47e)
commit 0e82245689b4bd1541e78d7f84f57bc620b94b92
Author: Thorsten Behrens <Thorsten.Behrens at CIB.de>
Date: Wed Jul 18 18:06:44 2018 +0200
Default OpenGL to off on all platforms
Change-Id: Ide04d3b37b9fabb64d514fd87acbdfe9e49e6727
commit a90c7dac81530212be592377de8ef9f20c5689b1
Author: Samuel Mehrbrodt <Samuel.Mehrbrodt at cib.de>
Date: Thu Jan 12 16:46:45 2017 +0100
Disable crash reporter UI
Change-Id: I8106ec674080ede7072581dab2e6700040de5828
(cherry picked from commit b981aa30c3eb5ddd0cf6c35e4c37ab687667f71b)
More information about the Libreoffice-commits
mailing list