Candidate: CVE-2021-25635
PublicDate: 2021-10-19 00:00:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25635
 https://www.libreoffice.org/about-us/security/advisories/CVE-2021-25635
 https://www.openwall.com/lists/oss-security/2021/10/11/3
Description:
 A flaw was found in LibreOffice, where it improperly validated signatures for algorithms
 that were not verified. This flaw leads to LibreOffice presenting a valid signature when
 the validity of the signature was not verified.  The highest threat from this vulnerability
 is to confidentiality and integrity.
Ubuntu-Description:
Notes:
 mdeslaur> This CVE is specific to the Microsoft Crypto API backend
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:


Patches_libreoffice:
 upstream: https://github.com/LibreOffice/core/commit/edeb164c1d8ab64116afee4e2140403a362a1358 (7-0)
 upstream: https://github.com/LibreOffice/core/commit/a5fe0bea138c5b32268a5cd0093908909d8bc013 (7-1)
upstream_libreoffice: not-affected (debian: Only affects Microsoft Crypto API back-end)
esm-infra/xenial_libreoffice: not-affected (windows-only)
trusty_libreoffice: ignored (out of standard support)
xenial_libreoffice: ignored (out of standard support)
bionic_libreoffice: not-affected (windows-only)
focal_libreoffice: not-affected (windows-only)
hirsute_libreoffice: not-affected (1:7.1.6-0ubuntu0.21.04.1)
impish_libreoffice: not-affected (1:7.2.1-0ubuntu3)
jammy_libreoffice: not-affected (1:7.2.1-0ubuntu3)
devel_libreoffice: not-affected (1:7.2.1-0ubuntu3)