Candidate: CVE-2020-12802
PublicDate: 2020-06-08 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12802
 https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
Description:
 LibreOffice has a 'stealth mode' in which only documents from locations
 deemed 'trusted' are allowed to retrieve remote resources. This mode is not
 the default mode, but can be enabled by users who want to disable
 LibreOffice's ability to include remote resources within a document. A flaw
 existed where remote graphic links loaded from docx documents were omitted
 from this protection prior to version 6.4.4. This issue affects: The
 Document Foundation LibreOffice versions prior to 6.4.4.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by: Jens Müller
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N [5.3 MEDIUM]


Patches_libreoffice:
upstream_libreoffice: released (1:6.4.4-1)
precise/esm_libreoffice: DNE
trusty_libreoffice: ignored (out of standard support)
trusty/esm_libreoffice: DNE
xenial_libreoffice: ignored (end of standard support, was needed)
esm-infra/xenial_libreoffice: needed
bionic_libreoffice: needed
eoan_libreoffice: ignored (reached end-of-life)
focal_libreoffice: released (1:6.4.7-0ubuntu0.20.04.1)
groovy_libreoffice: released (1:6.4.4-0ubuntu1)
hirsute_libreoffice: released (1:6.4.4-0ubuntu1)
impish_libreoffice: released (1:6.4.4-0ubuntu1)
jammy_libreoffice: released (1:6.4.4-0ubuntu1)
devel_libreoffice: released (1:6.4.4-0ubuntu1)