On Fri, Oct 23, 2009 at 04:35:39PM +0200, Rene Engelhard wrote:
> CVE-2009-2139 Heap-based buffer overflow in
> svtools/source/filter.vcl/wmf/enhwmf.cxx ...
> CVE-2009-2140 Multiple heap-based buffer overflows in ...
> CVE-2009-3239 Buffer overflow in the EMF parser implementation in
> OpenOffice.org ...
>
> fixed, but security-tracker buggy....

This is DSA-1880-1:

# CVE-2009-2139

A vulnerability has been discovered in the parser of EMF files of
OpenOffice/Go-oo 2.x and 3.x that can be triggered by a specially crafted
document and lead to the execution of arbitrary commands with the privileges
of the user running OpenOffice.org/Go-oo.

This vulnerability does not exist in the packages for oldstable, testing
and unstable.

The other two CVEs talk about the same issue but got missed/double-assigned..

Ccing security team, please fix the security tracker...

Grüße/Regards,

Rene