libreoffice:sid is vulnerable to Improper Verification of Cryptographic Signature. The vulnerability is manipulating the documentsignatures.xml or macrosignatures.xml stream within the document to contain both X509Data and KeyValue children of the KeyInfo tag. When opened, it causes LibreOffice to verify the KeyValue but to report that the verification is made with the unrelated X509Data value.
lists.debian.org/debian-lts-announce/2023/03/msg00022.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/
lists.fedoraproject.org/archives/list/[email protected]/message/NE6UIBCPZWRBWPSEGJOPNWPPT3CCMVH2/
security-tracker.debian.org/tracker/CVE-2021-25636
www.libreoffice.org/about-us/security/advisories/CVE-2021-25636/