Package: openoffice.org Version: 1:3.1.1-2 Severity: grave -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi, the following CVE (Common Vulnerabilities & Exposures) ids were published for openoffice.org. CVE-2009-3569[0]: | Stack-based buffer overflow in OpenOffice.org (OOo) allows remote | attackers to execute arbitrary code via unspecified vectors, as | demonstrated by a certain module in VulnDisco Pack Professional 8.8, | aka "Client-side stack overflow exploit." NOTE: as of 20091005, this | disclosure has no actionable information. However, because the | VulnDisco Pack author is a reliable researcher, the issue is being | assigned a CVE identifier for tracking purposes. CVE-2009-3570[1]: | Unspecified vulnerability in OpenOffice.org (OOo) has unspecified | impact and remote attack vectors, as demonstrated by a certain module | in VulnDisco Pack Professional 8.9. NOTE: as of 200901005, this | disclosure has no actionable information. However, because the | VulnDisco Pack author is a reliable researcher, the issue is being | assigned a CVE identifier for tracking purposes. CVE-2009-3571[2]: | Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact | and client-side attack vector, as demonstrated by a certain module in | VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as | of 200901005, this disclosure has no actionable information. However, | because the VulnDisco Pack author is a reliable researcher, the issue | is being assigned a CVE identifier for tracking purposes. If you fix the vulnerabilities please also make sure to include the CVE ids in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3569 http://security-tracker.debian.net/tracker/CVE-2009-3569 [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3570 http://security-tracker.debian.net/tracker/CVE-2009-3570 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3571 http://security-tracker.debian.net/tracker/CVE-2009-3571 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAkrXFeAACgkQNxpp46476aoIJwCfdBKK4Clxn9oAyPJP4kswEoZz T0sAnjLsBpWqvQHmWU+ZYzGPeOU24NQu =U0Eh -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
