How to check that CVE-2018-6871 is fixed?
Paul Menzel
pmenzel+libreoffice at molgen.mpg.de
Sat Feb 10 11:07:38 UTC 2018
Dear LibreOffice folks,
So according to CVE-2018-6871, “LibreOffice through 6.0.1 allows remote
attackers to read arbitrary files via =WEBSERVICE calls in a document,
which use the COM.MICROSOFT.WEBSERVICE function.”.
Maybe it’s my English, but “through 6.0.1” sounds to me like, that
version is affected. The vulnerability description page [2] says, that
LibreOffice 6.0.1 is not affected.
> 100% success rate, absolutely silent, affect LibreOffice prior to
> 5.4.5/6.0.1 in all operation systems (GNU/Linux, MS Windows, macOS
> etc.) and may be embedded in almost all formats supporting by LO.
I was searching the bug tracker [3] for *CVE-2018-6871* and got no
result, and the git commit log also doesn’t mention it. Neither do the
release notes [4][5].
So, how can I find out, in what version that vulnerability was fixed?
Kind regards,
Paul
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
[2] https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
[3] https://bugs.documentfoundation.org/
[4]
https://blog.documentfoundation.org/blog/2018/02/09/early-availability-libreoffice-5-4-5-libreoffice-6-0-1/
[5] https://wiki.documentfoundation.org/Releases/6.0.1/RC1
More information about the LibreOffice
mailing list