Bug#551068: CVE-2009-3569, CVE-2009-3570, CVE-2009-3571: multiple vulnerabilities

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#551068: CVE-2009-3569, CVE-2009-3570, CVE-2009-3571: multiple vulnerabilities
From: Giuseppe Iuculano <iuculano@debian.org>
Date: Thu, 15 Oct 2009 14:30:30 +0200
Message-id: <[🔎] 20091015123030.10286.25289.reportbug@blog-devel.iuculano.it>
Reply-to: Giuseppe Iuculano <iuculano@debian.org>, 551068@bugs.debian.org

Package: openoffice.org
Version: 1:3.1.1-2
Severity: grave

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for openoffice.org.

CVE-2009-3569[0]:
| Stack-based buffer overflow in OpenOffice.org (OOo) allows remote
| attackers to execute arbitrary code via unspecified vectors, as
| demonstrated by a certain module in VulnDisco Pack Professional 8.8,
| aka "Client-side stack overflow exploit." NOTE: as of 20091005, this
| disclosure has no actionable information. However, because the
| VulnDisco Pack author is a reliable researcher, the issue is being
| assigned a CVE identifier for tracking purposes.

CVE-2009-3570[1]:
| Unspecified vulnerability in OpenOffice.org (OOo) has unspecified
| impact and remote attack vectors, as demonstrated by a certain module
| in VulnDisco Pack Professional 8.9.  NOTE: as of 200901005, this
| disclosure has no actionable information. However, because the
| VulnDisco Pack author is a reliable researcher, the issue is being
| assigned a CVE identifier for tracking purposes.

CVE-2009-3571[2]:
| Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact
| and client-side attack vector, as demonstrated by a certain module in
| VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as
| of 200901005, this disclosure has no actionable information. However,
| because the VulnDisco Pack author is a reliable researcher, the issue
| is being assigned a CVE identifier for tracking purposes.



If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3569
    http://security-tracker.debian.net/tracker/CVE-2009-3569
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3570
    http://security-tracker.debian.net/tracker/CVE-2009-3570
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3571
    http://security-tracker.debian.net/tracker/CVE-2009-3571


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkrXFeAACgkQNxpp46476aoIJwCfdBKK4Clxn9oAyPJP4kswEoZz
T0sAnjLsBpWqvQHmWU+ZYzGPeOU24NQu
=U0Eh
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: Bug#551043: Please add openoffice.org-svgimport extension
Next by Date: Processed: tagging 551068
Previous by thread: Processed: Re: Bug#551043: Please add openoffice.org-svgimport extension
Next by thread: Bug#551068: CVE-2009-3569, CVE-2009-3570, CVE-2009-3571: multiple vulnerabilities
Index(es):
- Date
- Thread