- Package:
- src:libreoffice
- Source:
- libreoffice
- Submitter:
- Helmut Grohne
- Date:
- 2025-08-08 14:20:15 UTC
- Severity:
- important
- Tags:
Looking at a sample build log (https://buildd.debian.org/status/fetch.php?pkg=libreoffice&arch=m68k&ver=1%3A5.4.1-1&stamp=1504466495&raw=0) one can see: | ... analyzing package list ... | ... creating log file /tmp/LibreOffice//logging/en-US/log_540_en-US.log | ... creating installation set in /tmp/LibreOffice//install/LibreOffice_5.4.1.2.0_Linux ... | ... removing old installation directories ... What looks like a predictable /tmp path turns out to be one: https://lists.freedesktop.org/archives/libreoffice/2017-August/078249.html Another local user may use this vulnerability to gain privileges of a user who is building libreoffice from source. I did not request a CVE for this issue. Helmut
JFTR, we don't treat these as security issues from jessie onwards since kernel hardening renders these non-exploitable: https://www.debian.org/releases/jessie/amd64/release-notes/ch-whats-new.en.html#security Cheers, Moritz
Dear submitter, as the package libreoffice has just been removed from the Debian archive experimental we hereby close the associated bug reports. We are sorry that we couldn't deal with your issue properly. For details on the removal, please see https://bugs.debian.org/1069123 The version of this package that was in Debian prior to this removal can still be found using https://snapshot.debian.org/. Please note that the changes have been done on the master archive and will not propagate to any mirrors until the next dinstall run at the earliest. This message was generated automatically; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org. Debian distribution maintenance software pp. Scott Kitterman (the ftpmaster behind the curtain)
Humanitarian Grant of 1.5M for you. Reply for claims