Date: Thu, 2 Jun 2011 16:01:38 -0400 (EDT) From: Josh Bressers <bressers@...hat.com> To: oss-security@...ts.openwall.com Cc: Caolán McNamara <caolanm@...hat.com>, David Tardon <dtardon@...hat.com>, Evgeny Legerov <admin@...evydis.com>, "Steven M. Christey" <coley@...us.mitre.org> Subject: Re: CVE Request -- OpenOffice.org -- InteVyDis Demo of OpenOffice 0day. Released with VulnDisco 8.8 pack (release date May,2009) ----- Original Message ----- > Hello, Josh, Steve, vendors, > > A new security flaw, potentially allowing execution of arbitrary code > with the privileges of the user running the OpenOffice.org suite tools > has been reported by the InteVyDis security researchers team: >  http://intevydis.com/oo_0day.html >  http://twitter.com/#!/legerov/status/75482755194032128 > > References: >  https://bugzilla.redhat.com/show_bug.cgi?id=709705 > > Unfortunately there doesn't seem to be further detailed information > available right now. But from the Twitter post, looks this issue is > still valid against OpenOffice.org v3.3. > > Hopefully Evgeny Legerov of InteVyDis security researchers team > (Cc-ed) > could provide further background information about this issue, i.e. > if it is an old issue (like date of 2009 would suggest) and thus a CVE > identifier has been already assigned to this issue or is this > completely > new issue (which did not get fixed from 2009 till now) and thus it > requires a new CVE id. > > Evgeny, any further information you could provide here, to clear the CVE > doubt is really appreciated. > > Once the CVE doubt cleared, could you allocate a CVE id for this issue? > I'd say this is plenty to give a CVE ID. Use CVE-2011-2177 Thanks. -- JB
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ