Candidate: CVE-2020-12801
PublicDate: 2020-05-18 15:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12801
 https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
Description:
 If LibreOffice has an encrypted document open and crashes, that document is
 auto-saved encrypted. On restart, LibreOffice offers to restore the
 document and prompts for the password to decrypt it. If the recovery is
 successful, and if the file format of the recovered document was not
 LibreOffice's default ODF file format, then affected versions of
 LibreOffice default that subsequent saves of the document are unencrypted.
 This may lead to a user accidentally saving a MSOffice file format document
 unencrypted while believing it to be encrypted. This issue affects:
 LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior
 to 6.4.3.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by: Tomas Florian
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]


Patches_libreoffice:
upstream_libreoffice: released (1:6.4.3-1)
precise/esm_libreoffice: DNE
trusty_libreoffice: ignored (out of standard support)
trusty/esm_libreoffice: DNE
xenial_libreoffice: ignored (end of standard support, was needed)
esm-infra/xenial_libreoffice: needed
bionic_libreoffice: needed
eoan_libreoffice: ignored (reached end-of-life)
focal_libreoffice: not-affected (1:6.4.3-0ubuntu0.20.04.1)
groovy_libreoffice: not-affected (1:6.4.3-0ubuntu0.20.04.1)
hirsute_libreoffice: not-affected (1:6.4.3-0ubuntu0.20.04.1)
impish_libreoffice: not-affected (1:6.4.3-0ubuntu0.20.04.1)
jammy_libreoffice: not-affected (1:6.4.3-0ubuntu0.20.04.1)
devel_libreoffice: not-affected (1:6.4.3-0ubuntu0.20.04.1)