On Saturday 19 Apr 2014 18:18:39 Mick wrote: > On Saturday 19 Apr 2014 02:29:35 walt wrote: > > Not long ago I started building my own libreoffice from their git repo > > because I wanted to bisect a recent libreoffice bug in localc. > > > > In the process of finding the bug I discovered that libreoffice ships its > > own copy of openssl along with many other common opensource libraries. > > > > The libreoffice team committed the heartbleed fix to their git repo a few > > days ago, which got me thinking about why libreoffice needs ssl. > > > > I'm thinking maybe for odbc, maybe webdav? I dunno because all I really > > use is localc and I don't know anything about the other stuff. > > > > Are the users of libreoffice-stable at risk from heartbleed? I don't > > know enough to judge, but I worry about it. > > I thought that they used NSS for digital signing of documents, but in any > case it seems that LO is also impacted by the Heartbleed bug of openssl: > > http://secunia.com/community/advisories/57881
and here: http://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/ -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.