
Bug#552124: qa.debian.org: bogusly warns about security issues when fixed



On Fri, Oct 23, 2009 at 04:35:39PM +0200, Rene Engelhard wrote:
> CVE-2009-2139	Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...
> CVE-2009-2140	Multiple heap-based buffer overflows in ...
> CVE-2009-3239	Buffer overflow in the EMF parser implementation in OpenOffice.org ...
> 
> fixed, but security-tracker buggy....

This is DSA-1880-1:

# CVE-2009-2139

A vulnerability has been discovered in the parser of EMF files of OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted document and lead to the execution of arbitrary commands with the privileges of the user running OpenOffice.org/Go-oo.

This vulnerability does not exist in the packages for oldstable, testing and unstable.

The other two CVEs talk about the same issues but got missed/double-assigned..

Ccing security team, please fix the security tracker...

Grüße/Regards,

Rene


