-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5908-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 28, 2025 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : libreoffice CVE ID : CVE-2025-2866 Juray Sarinay discovered that PDF documents signed with the adbe.pkcs7.sha1 standard were incompletely validated by LibreOffice, which could cause invalid signatures to be accepted as legitimate. For the stable distribution (bookworm), this problem has been fixed in version 4:7.4.7-1+deb12u8. We recommend that you upgrade your libreoffice packages. For the detailed security status of libreoffice please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libreoffice Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmgP1KwACgkQEMKTtsN8 TjasuRAAnAPyCH3STHeXsEVJiHnk/msFh95HPxkf9FtXnIwZqAq02CDzAJJi+9SI a6KsPZ1tKUTgNMSd0dt7z4/jRlaB81uiaRqwinrLu153bObzmg8vigI7jglN0BiC 19TDG2+dlEKueOah6h59PFf/8oe3LZ3xHJIydN8f0u7XtUrUIg/+dBS1Zwbr4uWv jIW+HSwbpOKSBD70SeovB6kkWuF6xGVcjfHuBcn0bwwjsXInJYJKBOCChEHAynpA p8fecyHGRXVd2rjdQx3A8edP5NkfwXvECB220Sc2lF/8usxLVRXPdgVUlU1nWE5T FDPUkJ6AsyysJjnnoTHRiOanxgAZPkQbioeTl117Zwv2ckgyIkdX3/dvwgJPZC5p o3hpnc+Ie96pm4gNNO+0pa2cC+0m6jlz518XYhwak+M5IgFbjekpD9klQqLNPn6d gba03ovqu/Tz683mIl5EWNGPIZwpouRgL9IRphtOaxp3hkrDzonhH7brv2xIC55n pI97BoHbl8xNXC/CMDIMsF7IRPTH5ydKJXMqEmcoYfhcsrxqizemq7MbKZpWU+CV ZOhGZbIS3rGdm+/RYWKqpIiOwDeddQP+9kzBjLQeVlOhUQM+c4lTd05Y8w987BvP SSayZ+2pg5zIcdnC7HSLNAeXhuqV0VAX8/diVI70B/W87CIdMn0= =Yqcr -----END PGP SIGNATURE-----