It was discovered that LibreOffice would incorrectly handle digital
signature verification after repairing a corrupted document. A remote
attacker could possibly use this issue to forge valid signatures.
Use Skia instead of cairo for 2D rendering and enable GPU rendering by default.
Enable offscreen canvas by default.
Add support for system tracing with Sysprof.
Implement printing using the Print portal.
Add new API to load settings from a config file.
Add a new setting to enable or disable the 2D canvas acceleration (enabled by default).
Undeprecate console messages API and make it available in 6.0 API.
High CVE-2024-8904: Type Confusion in V8
Medium CVE-2024-8905: Inappropriate implementation in V8
Medium CVE-2024-8906: Incorrect security UI in Downloads
Medium CVE-2024-8907: Insufficient data validation in Omnibox
Low CVE-2024-8908: Inappropriate implementation in Autofill
Low CVE-2024-8909: Inappropriate implementation in UI
High CVE-2024-8904: Type Confusion in V8
Medium CVE-2024-8905: Inappropriate implementation in V8
Medium CVE-2024-8906: Incorrect security UI in Downloads
Medium CVE-2024-8907: Insufficient data validation in Omnibox
Low CVE-2024-8908: Inappropriate implementation in Autofill
Low CVE-2024-8909: Inappropriate implementation in UI
Maxime Escourbiac and Yassine Bengana discovered that Git incorrectly
handled some gettext machinery. An attacker could possibly use this issue
to allows the malicious placement of crafted messages. This issue was fixed
in Ubuntu 16.04 LTS. (CVE-2023-25815)
It was discovered that Git incorrectly handled certain submodules.
An attacker could possibly use this issue to execute arbitrary code.
This issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32002)
It was discovered that Git incorrectly handled certain cloned repositories.
An attacker could possibly use this issue to execute arbitrary code. This
issue was fixed in Ubuntu 18.04 LTS. (CVE-2024-32004, CVE-2024-32465)
It was discovered that Git incorrectly handled local clones with hardlinked
files/directories. An attacker could possibly use this issue to place a
specialized repository on their target’s local system. This issue was fixed
in Ubuntu 18.04 LTS. (CVE-2024-32020)
It was discovered that Git incorrectly handled certain symlinks. An
attacker could possibly use this issue to impact availability and
integrity creating hardlinked arbitrary files into users repository’s
objects/directory. This issue was fixed in Ubuntu 18.04 LTS.
(CVE-2024-32021)
Threat: Backdoor.Win32.BlackAngel.13
Vulnerability: Unauthenticated Remote Command Execution
Description: The malware listens on TCP port 1850. Third party
adversaries who can reach an infected host can issue commands made
available by the backdoor….
Threat: Backdoor.Win32.CCInvader.10
Vulnerability: Authentication Bypass
Description: The malware runs an FTP server. Third-party adversarys
who can reach infected systems can logon using any username/password
combination. Intruders may then upload…
