On Saturday 19 Apr 2014 02:29:35 walt wrote: > Not long ago I started building my own libreoffice from their git repo > because I wanted to bisect a recent libreoffice bug in localc. > > In the process of finding the bug I discovered that libreoffice ships its > own copy of openssl along with many other common opensource libraries. > > The libreoffice team committed the heartbleed fix to their git repo a few > days ago, which got me thinking about why libreoffice needs ssl. > > I'm thinking maybe for odbc, maybe webdav? I dunno because all I really > use is localc and I don't know anything about the other stuff. > > Are the users of libreoffice-stable at risk from heartbleed? I don't > know enough to judge, but I worry about it.
I thought that they used NSS for digital signing of documents, but in any case it seems that LO is also impacted by the Heartbleed bug of openssl: http://secunia.com/community/advisories/57881 -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
