Date: Mon, 21 Sep 2009 14:42:20 -0400 (EDT) From: "Steven M. Christey" <coley@...us.mitre.org> To: Thomas Biege <thomas@...e.de> cc: oss-security@...ts.openwall.com Subject: Re: OpenOffice.org CVE-2009-2139 On Thu, 10 Sep 2009, Thomas Biege wrote: > CVE-2009-2139 > > Manipulated EMF files can lead to heap overflows and arbitrary code > execution > > * Synopsis: Manipulated EMF files can lead to heap overflows and > arbitrary code execution > * State: Resolved We recently created CVE-2009-3239 to address an OpenOffice overflow in enhwmf.cxx/emfplus.cxx, as described in SUSE-SR:2009:015: "This update of OpenOffice.org fixes potential buffer overflow in EMF parser code (enhwmf.cxx, emfplus.cxx)." http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html Is CVE-2009-3239 a duplicate of CVE-2009-2139? (If so, we would probably keep CVE-2009-2139 and remove CVE-2009-3239.) - Steve
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.