Date: Tue, 22 Sep 2009 17:47:11 +0200
From: Marcus Meissner <meissner@...e.de>
To: oss-security@...ts.openwall.com
Cc: Thomas Biege <thomas@...e.de>
Subject: Re: OpenOffice.org CVE-2009-2139

On Mon, Sep 21, 2009 at 02:42:20PM -0400, Steven M. Christey wrote:
>
> On Thu, 10 Sep 2009, Thomas Biege wrote:
>
> > CVE-2009-2139
> >
> > Manipulated EMF files can lead to heap overflows and arbitrary code
> > execution
> >
> > * Synopsis: Manipulated EMF files can lead to heap overflows and
> > arbitrary code execution
> > * State: Resolved
>
> We recently created CVE-2009-3239 to address an OpenOffice overflow in
> enhwmf.cxx/emfplus.cxx, as described in SUSE-SR:2009:015:
>
> "This update of OpenOffice.org fixes potential buffer overflow in EMF
> parser code (enhwmf.cxx, emfplus.cxx)."
>
> http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
>
> Is CVE-2009-3239 a duplicate of CVE-2009-2139?
>
> (If so, we would probably keep CVE-2009-2139 and remove CVE-2009-3239.)

Our text actually references the issues CVE-2009-2139 and CVE-2009-2140
but did not specify them due to an oversight.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2140

Both are go-ooo.org build specific issues.

Ciao, Marcus