Re: CVE-2009-3239 is a duplicate of CVE-2009-2139 and CVE-2009-2140

[Michael Gilbert <michael.s.gilbert () gmail com>]

On Sun, 25 Oct 2009 02:21:51 +0000 (UTC), security curmudgeon wrote:
> : CVE-2009-3239 appears to be a duplicate of CVE-2009-2139 and 
> : CVE-2009-2140, and should therefore be rejected.
>
> CVE may abstract on these:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-3239
>
> Buffer overflow in the EMF parser implementation in OpenOffice.org (OOo) 
> in SUSE openSUSE 10.3 through 11.1, Novell Linux Desktop (NLD) 9, and 
> SUSE Linux Enterprise (SLE) 10 and 11 has unknown impact and remote 
> attack vectors, related to enhwmf.cxx and emfplus.cxx.
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2139
>
> Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in 
> Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to 
> OpenOffice.org (OOo), allows remote attackers to execute arbitrary code 
> via a crafted EMF file, a similar issue to CVE-2008-2238.

in past cve's, from what i've seen, when there is an issue with the same
source code in multiple projects (i.e. embeds and forks), there is only
one cve issued with a text something like, "buffer overflow in
openoffice.org and go-oo...."

so, i think 2009-3239 should be rejected and the text for 2009-2139
should be updated to indicate that the problem affects both
openoffice.org and go-oo.

mike