So according to CVE-2018-6871, “LibreOffice through 6.0.1 allows remote
attackers to read arbitrary files via =WEBSERVICE calls in a document,
which use the COM.MICROSOFT.WEBSERVICE function.”
Maybe it’s my English, but “through 6.0.1” sounds to me like that
version is affected. The vulnerability description page says that
LibreOffice 6.0.1 is not affected.
> 100% success rate, absolutely silent, affect LibreOffice prior to
> 5.4.5/6.0.1 in all operation systems (GNU/Linux, MS Windows, macOS
> etc.) and may be embedded in almost all formats supporting by LO.
I searched the bug tracker for *CVE-2018-6871* and got no
result, and the git commit log also doesn’t mention it. Neither do the
release notes.
So, how can I find out in what version that vulnerability was fixed?
On Sat, Feb 10, 2018 at 12:07:38PM +0100, Paul Menzel wrote:
> Maybe it’s my English, but “through 6.0.1” sounds to me like that
> version is affected. The vulnerability description page says that
> LibreOffice 6.0.1 is not affected.
I'd more guess it's that irresponsible disclosure guy's English...
> So, how can I find out in what version that vulnerability was fixed?
As others said: yes, 5.4.5/6.0.1 are fixed.
(And please use CVE-2018-1005, not that guy's CVE. We shouldn't honour
him for this irresponsible disclosure.)