Am Samstag, 19. April 2014, 19:19:41 schrieb Mick: > On Saturday 19 Apr 2014 18:18:39 Mick wrote: > > On Saturday 19 Apr 2014 02:29:35 walt wrote: > > > Not long ago I started building my own libreoffice from their git repo > > > because I wanted to bisect a recent libreoffice bug in localc. > > > > > > In the process of finding the bug I discovered that libreoffice ships > > > its own copy of openssl along with many other common opensource > > > libraries. > > > > > > The libreoffice team committed the heartbleed fix to their git repo a > > > few days ago, which got me thinking about why libreoffice needs ssl. > > > > > > I'm thinking maybe for odbc, maybe webdav? I dunno because all I > > > really use is localc and I don't know anything about the other stuff. > > > > > > Are the users of libreoffice-stable at risk from heartbleed? I don't > > > know enough to judge, but I worry about it. > > > > I thought that they used NSS for digital signing of documents, but in any > > > > case it seems that LO is also impacted by the Heartbleed bug of openssl: > > http://secunia.com/community/advisories/57881 > > and here: > > http://www.libreoffice.org/about-us/security/advisories/cve-2014-0160/
"Users are recommended to upgrade to 4.2.3 to avoid this flaw when using the packages provided from www.libreoffice.org which include a bundled copy of openssl." However, we build from sources and use the system libraries. huettel@porto ~ $ lsof|grep soffice|grep libssl soffice.b 31006 huettel mem REG 8,1 423840 795269 /usr/lib64/libssl.so.1.0.0 -- Andreas K. Huettel Gentoo Linux developer (council, kde) [email protected] http://www.akhuettel.de/
signature.asc
Description: This is a digitally signed message part.
