How to check that CVE-2018-6871 is fixed?

Paul Menzel pmenzel+libreoffice at
Sat Feb 10 11:07:38 UTC 2018

Dear LibreOffice folks,

So according to CVE-2018-6871, “LibreOffice through 6.0.1 allows remote
attackers to read arbitrary files via =WEBSERVICE calls in a document,
which use the COM.MICROSOFT.WEBSERVICE function.”.

Maybe it’s my English, but “through 6.0.1” sounds to me like, that
version is affected. The vulnerability description page [2] says, that 
LibreOffice 6.0.1 is not affected.

> 100% success rate, absolutely silent, affect LibreOffice prior to
> 5.4.5/6.0.1 in all operation systems (GNU/Linux, MS Windows, macOS
> etc.) and may be embedded in almost all formats supporting by LO.

I was searching the bug tracker [3] for *CVE-2018-6871* and got no 
result, and the git commit log also doesn’t mention it. Neither do the 
release notes [4][5].

So, how can I find out, in what version that vulnerability was fixed?

Kind regards,



More information about the LibreOffice mailing list