Rene Engelhard rene at
Sun Feb 21 21:43:31 UTC 2021


Am 21.02.21 um 09:43 schrieb Andrew Udvare:
>> On 2021-02-20, at 16:48, Jean-Baptiste Faure <jbfaure at> wrote:
>> Hi,
>> I certainly did not understand everything in, but I wonder if LibreOffice could be subject to this kind of vulnerability?
> As far as I can tell, the dependencies that LibreOffice uses in distributions are gathered manually and updated manually. So, not really.

It's not that easy. The question indeed doesn't make sense for
LibreOffice itself.

Still anything which uses those "get your dependencies randomly from
some random place in random versions and save them into your tree"
thingy like npm, pip etc. is a problem.

And LibreOffice Online *does* use npm.

So while LibreOffice itself shouldn't be affected, conceptually by using
npm LibreOffce Online is.



More information about the LibreOffice mailing list