Dear LibreOffice folks,
So according to CVE-2018-6871, “LibreOffice through 6.0.1 allows remote
attackers to read arbitrary files via =WEBSERVICE calls in a document,
which use the COM.MICROSOFT.WEBSERVICE function.”.
Maybe it’s my English, but “through 6.0.1” sounds to me like, that
version is affected. The vulnerability description page [2] says, that
LibreOffice 6.0.1 is not affected.
100% success rate, absolutely silent, affect LibreOffice prior to
5.4.5/6.0.1 in all operation systems (GNU/Linux, MS Windows, macOS
etc.) and may be embedded in almost all formats supporting by LO.
I was searching the bug tracker [3] for *CVE-2018-6871* and got no
result, and the git commit log also doesn’t mention it. Neither do the
release notes [4][5].
So, how can I find out, in what version that vulnerability was fixed?
Kind regards,
Paul
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
[2] https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
[3] https://bugs.documentfoundation.org/
[4]
https://blog.documentfoundation.org/blog/2018/02/09/early-availability-libreoffice-5-4-5-libreoffice-6-0-1/
[5] https://wiki.documentfoundation.org/Releases/6.0.1/RC1
Context
- How to check that CVE-2018-6871 is fixed? · Paul Menzel
Privacy Policy |
Impressum (Legal Info) |
Copyright information: Unless otherwise specified, all text and images
on this website are licensed under the
Creative Commons Attribution-Share Alike 3.0 License.
This does not include the source code of LibreOffice, which is
licensed under the Mozilla Public License (
MPLv2).
"LibreOffice" and "The Document Foundation" are
registered trademarks of their corresponding registered owners or are
in actual use as trademarks in one or more countries. Their respective
logos and icons are also subject to international copyright laws. Use
thereof is explained in our
trademark policy.