-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 25 May 2026 13:04:39 +0200 Source: libreoffice Architecture: source Version: 4:25.2.3-2+deb13u5 Distribution: trixie-security Urgency: medium Maintainer: Debian LibreOffice Maintainers Changed-By: Rene Engelhard Changes: libreoffice (4:25.2.3-2+deb13u5) trixie-security; urgency=medium . * debian/patches/CVE-2026-*.diff: fix - CVE-2026-6039 DXF heap-buffer-overflow in DrawLWPolyLineEntity - CVE-2026-6040 ODT use-after-free in lcl_InsertBlankWidthChars - CVE-2026-6045 EMF+ Heap-buffer-overflow in EMFPBrush::Read - CVE-2026-8356 ANT-2026-01882: Stack Buffer Overflow in `SdrEscherImport::RecolorGraphic()` - CVE-2026-8357 ANT-2026-03093: Off-by-one heap-buffer-overflow in LibreOffice Calc formula compiler - CVE-2026-8358 ANT-2026-03238: Heap-buffer-overflow in LibreOffice Calc FODS tracked-changes importer via duplicate action ID Checksums-Sha1: 1a9b027ae4645b5405c2f048ad49ae3f5ad803eb 36665 libreoffice_25.2.3-2+deb13u5.dsc f59a76eeddebb3e91f3fc6729e37d9501e2cef66 28306232 libreoffice_25.2.3-2+deb13u5.debian.tar.xz 30a4ad41c7a1fa4619f900c36bfd9b6c35eac615 27839 libreoffice_25.2.3-2+deb13u5_source.buildinfo Checksums-Sha256: 062527d494e7b5a7e8a7f0e7c2f72b93d98fae51b338ffc40db35aeadba5edb3 36665 libreoffice_25.2.3-2+deb13u5.dsc f6da2c57c2bbf65089a28e8311fa2d22719337d876334642b290f49ebf912e79 28306232 libreoffice_25.2.3-2+deb13u5.debian.tar.xz c467d5e8a0f219370e90a6b0937e8adfbba1d4000f12f8b11b32777f9774fe41 27839 libreoffice_25.2.3-2+deb13u5_source.buildinfo Files: 1687a983dc2b9ab2ad61c074a2395ed5 36665 editors optional libreoffice_25.2.3-2+deb13u5.dsc 8a46447e02bd2a0455ecc861e98b1c2f 28306232 editors optional libreoffice_25.2.3-2+deb13u5.debian.tar.xz 65e8232cf8351cdac4e6c0314c8ad63f 27839 editors optional libreoffice_25.2.3-2+deb13u5_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJEBAEBCgAuFiEE4S3qRnUGcM+pYIAdCqBFcdA+PnAFAmoUrMQQHHJlbmVAZGVi aWFuLm9yZwAKCRAKoEVx0D4+cPFeD/9zKTx980dqQHLCDTSkB7etyeZV1I7s6wEf JqtGYgxMdrV2OdxHF3sbJ5ab0BAHaZ6a4x3/HkBB0IVq3MMZHCtoSdlAzxofP4Fz FWC2TXmdG9wD/Em0b5VBvfxf+eYd6KFJb0pIkwA2GYc+dXbSHtGCaYnodVfeTN/2 fi1RfEGVLqtIze6VdNBcaIl5eRcrOWrCuuNSa1fQVdJXdRf77/4ximFgYerKY27a WU7yZDCDFsnj7mzCtIaoAWp42l9x9evRBPFhvRzX61f57ruzgrH5e+YoFUC5i+AA LO42m52sSHc918jAY+FUx+Mjdv1dG54ML2P5HKXTG8YaJrAYOX7KxH3l2yidhJOF xWNCJSWaYiBfUZK2p6dRrmSjYaPxRpQb5GwL/xTtsFDHnF2eTiyq8WCBItGcGT5S zGn6tKxQZ9ZrWVlTQqRLvwpgE5Owkf41JIKgKFuNc3OhGGNa1pb85jnYrCfDaxwq 3fCpyvktb5oygNQIns7K9phOVm/wjpY+AIeFmyDM55I6VtPcL9Udt87bwrGsHS4V SF2U8oZnwV2dE6L2m1bY0ZL62D8Q8uHHu/EchcnjXOtMQu8deG3XQYJ62lbEOF2j v+ucVNOHDD8o6xJrjpxCcdlOVd/wjlRu3Ya99hqDU00jeMR7E2NjRT52lhQjfQv4 MjH3PSDxlw== =o7Wk -----END PGP SIGNATURE-----