Resolved Bugs
1165740 – libreoffice: crash importing malformed .rtf [fedora-all]
1167503 – CVE-2014-3693 libreoffice: Use-After-Free in socket manager of Impress Remote [fedora-all]
1139592 – CVE-2014-3575 libreoffice: openoffice: Arbitrary file disclosure via crafted OLE objects [fedora-all]<br
CVE-2014-9093 backport some arbitrary rtf crash fixes
CVE-2014-3693 Use-after-free in Impress Remote socket manager
CVE-2014-3575 arbitrary file preview disclosure via ole2 objects
The vulnerability allows an attacker to send a document which when opened will trigger the prompt to “Update Links” but if the user cancels that prompt may still generate and insert into the document an OLE2 preview image of a file on the victims filesystem, Data exposure is possible if the updated document is then distributed to other parties.