CVE-2023-1183

Name	CVE-2023-1183
Description	A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3467-1, DLA-3468-1, DSA-5436-1, DSA-5437-1, DSA-5995-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
hsqldb (PTS)	bullseye (security), bullseye	2.5.1-1+deb11u2	fixed
	bookworm, bookworm (security)	2.7.1-1+deb12u1	fixed
	forky, sid, trixie	2.7.4-1	fixed
hsqldb1.8.0 (PTS)	bullseye (security), bullseye	1.8.0.10+dfsg-10+deb11u1	fixed
	bookworm, bookworm (security)	1.8.0.10+dfsg-11+deb12u1	fixed
	trixie	1.8.0.10+dfsg-12.1	vulnerable
	trixie (security)	1.8.0.10+dfsg-12.1+deb13u1	fixed
	forky, sid	1.8.0.10+dfsg-14	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
hsqldb	source	buster	2.4.1-2+deb10u2	DLA-3467-1
hsqldb	source	bullseye	2.5.1-1+deb11u2	DSA-5437-1
hsqldb	source	bookworm	2.7.1-1+deb12u1	DSA-5437-1
hsqldb	source	(unstable)	2.7.2-1
hsqldb1.8.0	source	buster	1.8.0.10+dfsg-10+deb10u1	DLA-3468-1
hsqldb1.8.0	source	bullseye	1.8.0.10+dfsg-10+deb11u1	DSA-5436-1
hsqldb1.8.0	source	bookworm	1.8.0.10+dfsg-11+deb12u1	DSA-5436-1
hsqldb1.8.0	source	trixie	1.8.0.10+dfsg-12.1+deb13u1	DSA-5995-1
hsqldb1.8.0	source	(unstable)	1.8.0.10+dfsg-14

Notes

https://www.libreoffice.org/about-us/security/advisories/cve-2023-1183/
https://gerrit.libreoffice.org/c/core/+/146905
https://sourceforge.net/p/hsqldb/svn/6639/