
Debian Buster DLA-3703-1 Severe: LibreOffice Multiple Threats and Fixes

debian lts
December 31, 2023
Debian LTS notice DLA-3704-1 mitigates multiple security weaknesses within LibreOffice, improving safety for users.
Multiple vulnerabilities have been discovered in LibreOffice, an office productivity software suite: CVE-2020-12801

Summary

CVE-2020-12801

If LibreOffice has an encrypted document
open and crashes, that document is auto-saved encrypted.
On restart, LibreOffice offers to restore the document
and prompts for the password to decrypt it. If the recovery
is successful, and if the file format of the recovered document
was not LibreOffice's default ODF file format, then affected versions
of LibreOffice default that subsequent saves of the document
are unencrypted. This may lead to a user accidentally saving
an MSOffice file format document unencrypted while believing
it to be encrypted.
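
Added example (not part of the advisory or of LibreOffice): one way to find MS Office format documents that ended up saved unencrypted, the outcome CVE-2020-12801 describes. It assumes the documents are OOXML (.docx/.xlsx/.pptx and macro variants), where a plain file is a ZIP archive and a password-protected one is an OLE2 compound file holding an EncryptedPackage stream; the function names and sample bytes are constructed for illustration.

```python
"""Added example: flag MS Office OOXML files that are stored unencrypted."""
import sys
from pathlib import Path

ZIP_MAGIC = b"PK\x03\x04"                         # plain OOXML is a ZIP container
CFB_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # OLE2 compound file header
# Password-protected OOXML is wrapped in a compound file whose directory
# holds a stream named "EncryptedPackage"; directory names are UTF-16LE.
ENC_STREAM = "EncryptedPackage".encode("utf-16-le")
OOXML_EXTS = {".docx", ".xlsx", ".pptx", ".docm", ".xlsm", ".pptm"}


def classify(data: bytes) -> str:
    """Return 'plaintext', 'encrypted', 'cfb-other' or 'unknown'."""
    if data.startswith(ZIP_MAGIC):
        return "plaintext"
    if data.startswith(CFB_MAGIC):
        # Heuristic: search for the stream name instead of walking the FAT.
        return "encrypted" if ENC_STREAM in data else "cfb-other"
    return "unknown"


def unencrypted_ooxml(root: Path) -> list:
    """List OOXML files under root that are plain ZIP, i.e. not encrypted."""
    hits = []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in OOXML_EXTS:
            if classify(p.read_bytes()) == "plaintext":
                hits.append(p)
    return hits


# Constructed sample inputs (not real documents): just enough bytes to
# exercise each branch of classify().
SAMPLE_PLAIN = ZIP_MAGIC + b"[Content_Types].xml" + b"\x00" * 32
SAMPLE_ENCRYPTED = CFB_MAGIC + b"\x00" * 504 + ENC_STREAM + b"\x00" * 96
SAMPLE_LEGACY = CFB_MAGIC + b"\x00" * 504 + "WordDocument".encode("utf-16-le")

if __name__ == "__main__":
    for name, blob in [("plain", SAMPLE_PLAIN), ("encrypted", SAMPLE_ENCRYPTED),
                       ("legacy", SAMPLE_LEGACY)]:
        print(f"{name}: {classify(blob)}")
    if len(sys.argv) > 1:  # optional: directory to scan
        for path in unencrypted_ooxml(Path(sys.argv[1])):
            print(f"UNENCRYPTED: {path}")
```

Legacy binary formats (.doc, .xls) are compound files whether or not they are encrypted, so this check reports them as cfb-other and does not judge their encryption state.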

CVE-2020-12802

LibreOffice has a 'stealth mode' in which only
documents from locations deemed 'trusted' are allowed to
retrieve remote resources. This mode is not the default mode,
but can be enabled by users who want to disable LibreOffice's ability
to include remote resources within a document. A flaw existed
where remote graphic links loaded from docx documents were omitted



Severity: critical

Package: libreoffice
Version: 1:6.1.5-3+deb10u11
CVE ID: CVE-2020-12801 CVE-2020-12802 CVE-2020-12803 CVE-2023-6185
