CVE-2019-9847

classic Classic list List threaded Threaded
1 message Options
Caolán McNamara Caolán McNamara
Reply | Threaded
Open this post in threaded view
|

CVE-2019-9847

tl;dr: Upgrade to 6.1.6 or 6.2.3

CVE-2019-9847 Executable hyperlink targets executed unconditionally on
activation

Before 6.1.6/6.2.3 under Windows and macOS when processing a hyperlink
target explicitly activated by the user, as in you explicitly click on
a hyperlink in some LibreOffice application, there was no judgment made
on whether the target was an executable file, so such executable
targets were launched unconditionally.

In the fixed versions, such executables are not executed on hyperlink
activation.




--
To unsubscribe e-mail to: [hidden email]
Problems? https://www.libreoffice.org/get-help/mailing-lists/how-to-unsubscribe/
Posting guidelines + more: https://wiki.documentfoundation.org/Netiquette
List archive: https://listarchives.documentfoundation.org/www/discuss/
Privacy Policy: https://www.documentfoundation.org/privacy