From ${URL} : An information disclosure vulnerability occurs when LibreOffice 6.0.3 and Apache OpenOffice Writer 4.1.5 automatically process and initiate an SMB connection embedded in a malicious file, as demonstrated by xlink:href=file://192.168.0.2/test.jpg within an office:document-content element in a .odt XML document. References: http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/ @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Fedora tracker is completely useless...
https://www.libreoffice.org/about-us/security/advisories/cve-2018-10583/ I guess this will not be fixed, but a mitigation now exists: "Since LibreOffice 5.4.7, and 6.0.4 in the 6.X series, end users or administrators can disable this functionality to automatically fetch such linked images via "tools->options->security->options->block any links from documents not among the trusted locations"