Accepted libreoffice 1:6.1.5-3+deb10u11 (source) into oldoldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 29 Dec 2023 09:39:36 +0000
Source: libreoffice
Architecture: source
Version: 1:6.1.5-3+deb10u11
Distribution: buster-security
Urgency: high
Maintainer: Debian LibreOffice Maintainers <debian-openoffice@lists.debian.org>
Changed-By: Bastien Roucariès <rouca@debian.org>
Changes:
 libreoffice (1:6.1.5-3+deb10u11) buster-security; urgency=high
 .
   * Team upload by LTS security team.
   * Fix CVE-2023-6185: An Improper Input Validation vulnerability
     was found in the GStreamer integration of The Document
     Foundation LibreOffice that allows an attacker to execute arbitrary
     GStreamer plugins. In affected versions the filename of the
     embedded video is not sufficiently escaped when passed to
     GStreamer, enabling an attacker to run arbitrary
     GStreamer plugins depending on what plugins are installed
     on the target system.
   * Fix CVE-2023-6186: LibreOffice supports hyperlinks.
     In addition to the typical common protocols such as
     http/https, hyperlinks can also have target URLs that
     can launch built-in macros or dispatch built-in
     internal commands. In affected versions of LibreOffice
     there are scenarios where these can be executed without warning
     if the user activates such hyperlinks. In later versions
     the user's explicit macro execution permissions
     for the document are now consulted if these non-typical
     hyperlinks can be executed. The possibility to use these
     variants of hyperlink targets for floating frames has been removed.
   * Fix CVE-2020-12802: LibreOffice has a 'stealth mode' in which only
     documents from locations deemed 'trusted' are allowed to
     retrieve remote resources. This mode is not the default mode,
     but can be enabled by users who want to disable LibreOffice's ability
     to include remote resources within a document. A flaw existed
     where remote graphic links loaded from docx documents were omitted
     from this protection.
   * Fix CVE-2020-12801: If LibreOffice has an encrypted document
     open and crashes, that document is auto-saved encrypted.
     On restart, LibreOffice offers to restore the document
     and prompts for the password to decrypt it. If the recovery
     is successful, and if the file format of the recovered document
     was not LibreOffice's default ODF file format, then affected versions
     of LibreOffice default that subsequent saves of the document
     are unencrypted. This may lead to a user accidentally saving
     a MSOffice file format document unencrypted while believing
     it to be encrypted.
   * Fix CVE-2020-12803: ODF documents can contain forms to be
     filled out by the user. Similar to HTML forms, the contained
     form data can be submitted to a URI, for example, to an external
     web server. To create submittable forms, ODF implements the
     XForms W3C standard, which allows data to be submitted without
     the need for macros or other active scripting. LibreOffice allowed
     forms to be submitted to any URI, including file: URIs, enabling
     form submissions to overwrite local files. User-interaction
     is required to submit the form, but to avoid the possibility
     of malicious documents engineered to maximize the possibility of
     inadvertent user submission, this feature has now been limited to
     http[s] URIs, removing the possibility to overwrite local files.
Checksums-Sha1:
 95e3be95fdfa2d61b53c3956738e70564098ed3e 27758 libreoffice_6.1.5-3+deb10u11.dsc
 cfa531a818d9e34c32e44d82e2962f8e8cb513f1 10025356 libreoffice_6.1.5-3+deb10u11.debian.tar.xz
 aaf5fd696448a7e05b4290992e2c3bc5ed2f9398 109170 libreoffice_6.1.5-3+deb10u11_amd64.buildinfo
Checksums-Sha256:
 1d31798c2bab29ab3961cb20b16ffdf1480ce532c586149bb891dd05c55ea809 27758 libreoffice_6.1.5-3+deb10u11.dsc
 4ec41d6cf84e45a75030b27667718e4fd4893daab1f8130043841b9f2142d643 10025356 libreoffice_6.1.5-3+deb10u11.debian.tar.xz
 fbd7e590a959553c01d547b195538b77709c0912e171a0dfea93fd8eda800edb 109170 libreoffice_6.1.5-3+deb10u11_amd64.buildinfo
Files:
 15e8fa3a888ab96a98d4e6a734337806 27758 editors optional libreoffice_6.1.5-3+deb10u11.dsc
 4d667fe93f54c2ea16eb67e3f6de4b30 10025356 editors optional libreoffice_6.1.5-3+deb10u11.debian.tar.xz
 8c5ec6cda544d3e7ec24d114832cc067 109170 editors optional libreoffice_6.1.5-3+deb10u11_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----
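
The CVE-2020-12803 entry above says form submission is now limited to http[s] URIs. The following is an added example, not code from LibreOffice or from the Debian upload: a triage check that lists XForms submission targets in an ODF package that fall outside that restriction. It assumes the form model is stored in content.xml as `submission` elements in the W3C XForms namespace with an `action` attribute; the function names and the sample document are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XFORMS_NS = "http://www.w3.org/2002/xforms"
ALLOWED_SCHEMES = {"http", "https"}  # the restriction named in the changelog


def risky_submissions(odf_bytes):
    """Return (submission id, action) pairs whose target is not http[s]."""
    with zipfile.ZipFile(io.BytesIO(odf_bytes)) as zf:
        if "content.xml" not in zf.namelist():
            return []
        # For untrusted input, parse with a hardened parser such as defusedxml.
        root = ET.fromstring(zf.read("content.xml"))
    findings = []
    for sub in root.iter(f"{{{XFORMS_NS}}}submission"):
        action = (sub.get("action") or "").strip()
        scheme = urlsplit(action).scheme.lower()
        # Empty scheme = relative target, resolved against the document's own
        # (usually local) location, so it is reported as well.
        if scheme not in ALLOWED_SCHEMES:
            findings.append((sub.get("id", "?"), action))
    return findings


def build_sample():
    """Constructed sample: minimal ODF-like package with three submissions."""
    content = f"""<?xml version="1.0"?>
<office:document-content
    xmlns:office="urn:oasis:names:tc:opendocument:xmlns:office:1.0"
    xmlns:xforms="{XFORMS_NS}">
  <office:body><office:text><office:forms><xforms:model id="m1">
    <xforms:submission id="ok" action="https://forms.example.org/s" method="post"/>
    <xforms:submission id="local" action="file:///tmp/constructed.xml" method="put"/>
    <xforms:submission id="relative" action="out.xml" method="put"/>
  </xforms:model></office:forms></office:text></office:body>
</office:document-content>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", content)
    return buf.getvalue()


if __name__ == "__main__":
    for sub_id, action in risky_submissions(build_sample()):
        print(f"non-http[s] XForms submission {sub_id!r}: {action!r}")
```
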