We need to fix CVE-2018-6871 in our LibreOffice package. This bug allows
remote attackers to read any file accessible from LibreOffice by
supplying a crafted file to open in LibreOffice.

Apparently the bug is fixed in LibreOffice 5.4.5 or 6.0.1.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6871
https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure