Bug#551068: CVE-2009-3569, CVE-2009-3570, CVE-2009-3571: multiple vulnerabilities
Package: openoffice.org
Version: 1:3.1.1-2
Severity: grave
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openoffice.org.
CVE-2009-3569[0]:
| Stack-based buffer overflow in OpenOffice.org (OOo) allows remote
| attackers to execute arbitrary code via unspecified vectors, as
| demonstrated by a certain module in VulnDisco Pack Professional 8.8,
| aka "Client-side stack overflow exploit." NOTE: as of 20091005, this
| disclosure has no actionable information. However, because the
| VulnDisco Pack author is a reliable researcher, the issue is being
| assigned a CVE identifier for tracking purposes.
CVE-2009-3570[1]:
| Unspecified vulnerability in OpenOffice.org (OOo) has unspecified
| impact and remote attack vectors, as demonstrated by a certain module
| in VulnDisco Pack Professional 8.9. NOTE: as of 200901005, this
| disclosure has no actionable information. However, because the
| VulnDisco Pack author is a reliable researcher, the issue is being
| assigned a CVE identifier for tracking purposes.
CVE-2009-3571[2]:
| Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact
| and client-side attack vector, as demonstrated by a certain module in
| VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as
| of 200901005, this disclosure has no actionable information. However,
| because the VulnDisco Pack author is a reliable researcher, the issue
| is being assigned a CVE identifier for tracking purposes.
If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3569
http://security-tracker.debian.net/tracker/CVE-2009-3569
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3570
http://security-tracker.debian.net/tracker/CVE-2009-3570
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3571
http://security-tracker.debian.net/tracker/CVE-2009-3571
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkrXFeAACgkQNxpp46476aoIJwCfdBKK4Clxn9oAyPJP4kswEoZz
T0sAnjLsBpWqvQHmWU+ZYzGPeOU24NQu
=U0Eh
-----END PGP SIGNATURE-----
Reply to: