Not long ago I started building my own libreoffice from their git repo because I wanted to bisect a recent libreoffice bug in localc.
In the process of finding the bug I discovered that libreoffice ships its own copy of openssl along with many other common opensource libraries. The libreoffice team committed the heartbleed fix to their git repo a few days ago, which got me thinking about why libreoffice needs ssl. I'm thinking maybe for odbc, maybe webdav? I dunno because all I really use is localc and I don't know anything about the other stuff. Are the users of libreoffice-stable at risk from heartbleed? I don't know enough to judge, but I worry about it.