CVE-2021-25633: 
NixOS vulnerability analysis and mitigation

An Improper Certificate Validation vulnerability was discovered in LibreOffice's support for digital signatures in ODF documents (CVE-2021-25633). The vulnerability was announced on October 11, 2021, and affected all versions of LibreOffice prior to versions 7.0.6/7.1.2. The issue also impacted Apache OpenOffice up to version 4.1.10 (LibreOffice Advisory, OSS Security).

The vulnerability allowed attackers to manipulate the documentsignatures.xml or macrosignatures.xml stream within ODF documents to combine multiple certificate data. When such a manipulated document was opened, LibreOffice would incorrectly display a valid signature indicator for content that was unrelated to the shown signature (LibreOffice Advisory).

This vulnerability could result in incorrect signature indicators being presented to users, potentially allowing attackers to make maliciously modified documents appear to be legitimately signed by trusted sources (Debian Advisory).

The vulnerability was fixed in LibreOffice versions 7.0.6/7.1.2. Users were advised to upgrade to these or later versions. For Debian systems, the fix was included in version 1:7.0.4-4+deb11u1. Red Hat Enterprise Linux 8 users received the fix through the libreoffice-6.4.7.2-10.el8 update (Debian Advisory, Red Hat Advisory).