Date: Sun, 25 Oct 2009 02:21:51 +0000 (UTC)
From: security curmudgeon <jericho@...rition.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2009-3239 is a duplicate of CVE-2009-2139 and CVE-2009-2140

: CVE-2009-3239 appears to be a duplicate of CVE-2009-2139 and
: CVE-2009-2140, and should therefore be rejected.

CVE may abstract on these:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3239
Buffer overflow in the EMF parser implementation in OpenOffice.org (OOo) in SUSE openSUSE 10.3 through 11.1, Novell Linux Desktop (NLD) 9, and SUSE Linux Enterprise (SLE) 10 and 11 has unknown impact and remote attack vectors, related to enhwmf.cxx and emfplus.cxx.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2139
Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2140
Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.

1. 2139 and 2140 were created next to each other. That is usually a strong indication that CVE chose to abstract between two issues.

2. 3239 is in OOo, while 2139/2140 are in Go-oo, which was "previously .. related to OOo". If Go-oo represents a code fork, there are two products in question now. While CVE will merge products on similar issues, I don't believe it is set in stone.

3. I may be totally off and they may be considered dupes. =)

OSVDB is keeping them split for now, given the difference in products.

Brian