oss-sec mailing list archives
Re: OpenOffice.org CVE-2009-2139
From: Marcus Meissner <meissner () suse de>
Date: Tue, 22 Sep 2009 17:47:11 +0200
On Mon, Sep 21, 2009 at 02:42:20PM -0400, Steven M. Christey wrote:
> On Thu, 10 Sep 2009, Thomas Biege wrote:
>
> > CVE-2009-2139 Manipulated EMF files can lead to heap overflows and arbitrary code execution
> > * Synopsis: Manipulated EMF files can lead to heap overflows and arbitrary code execution
> > * State: Resolved
>
> We recently created CVE-2009-3239 to address an OpenOffice overflow in
> enhwmf.cxx/emfplus.cxx, as described in SUSE-SR:2009:015:
>
> "This update of OpenOffice.org fixes potential buffer overflow in EMF
> parser code (enhwmf.cxx, emfplus.cxx)."
>
> http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
>
> Is CVE-2009-3239 a duplicate of CVE-2009-2139? (If so, we would probably
> keep CVE-2009-2139 and remove CVE-2009-3239.)

Our text actually references the issues CVE-2009-2139 and CVE-2009-2140 but did not specify them due to an oversight.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2139
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2140

Both are go-ooo.org build specific issues.

Ciao, Marcus