Candidate: CVE-2019-9853
PublicDate: 2019-09-27 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9853
 https://www.libreoffice.org/about-us/security/advisories/cve-2019-9853
 https://www.libreoffice.org/about-us/security/advisories/CVE-2019-9853/
 https://ubuntu.com/security/notices/USN-4102-1
Description:
 LibreOffice documents can contain macros. The execution of those macros is
 controlled by the document security settings, typically execution of macros
 are blocked by default. A URL decoding flaw existed in how the urls to the
 macros within the document were processed and categorized, resulting in the
 possibility to construct a document where macro execution bypassed the
 security settings. The documents were correctly detected as containing
 macros, and prompted the user to their existence within the documents, but
 macros within the document were subsequently not controlled by the security
 settings allowing arbitrary macro execution This issue affects: LibreOffice
 6.2 series versions prior to 6.2.7; LibreOffice 6.3 series versions prior
 to 6.3.1.
Ubuntu-Description:
Notes:
 mdeslaur> The fix for this issue was included as part of USN-4102-1
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [7.8 HIGH]


Patches_libreoffice:
upstream_libreoffice: released (1:6.3.0-1)
precise/esm_libreoffice: DNE
trusty_libreoffice: ignored (out of standard support)
trusty/esm_libreoffice: DNE
xenial_libreoffice: released (1:5.1.6~rc2-0ubuntu1~xenial9)
esm-infra/xenial_libreoffice: released (1:5.1.6~rc2-0ubuntu1~xenial9)
bionic_libreoffice: released (1:6.0.7-0ubuntu0.18.04.9)
disco_libreoffice: released (1:6.2.6-0ubuntu0.19.04.1)
devel_libreoffice: not-affected (1:6.3.1-0ubuntu2)