Description: Recently a Chinese blog have an article mentioned a Trojan horse called “DCM”, also known as “黑暗幽灵木马” (hēiàn yōulíng mùmǎ) in Chinese, which have been exposed by Tencent Corp. in April. Steps to Reproduce: As the author, this Trojan using DNS poisoning to distribute itself, and insert itself within software pack when user update. Actual Results: After update, this Trojan can be inserted within LibreOffice, but the user cannot be mentioned. Expected Results: To avoid this Trojan, using encrypted proctol to check and download update is necessary, and creating an validate machenism after download the update pack is also useful. Source: https://program-think.blogspot.com/2016/08/Trojan-Horse-DCM.html Reproducible: Always User Profile Reset: No Additional Info: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0
Closing as INVALID. This isn't a bug report. If you think there's a security issue with libreoffice see https://www.libreoffice.org/about-us/security/. This isn't a valid report so I'm closing it.
(In reply to Joel Madero from comment #1) > Closing as INVALID. This isn't a bug report. If you think there's a security > issue with libreoffice see https://www.libreoffice.org/about-us/security/. > > This isn't a valid report so I'm closing it. Thanks.