CVE-2009-3569 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3569): Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side stack overflow exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2009-3570 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3570): Unspecified vulnerability in OpenOffice.org (OOo) has unspecified impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9. NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. CVE-2009-3571 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3571): Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
To be honest I've real problems to find any useful information in the CVEs, which version this relates too, what the vulnerability actually is, could you please help here? btw: are you sure those are actually valid for Linux http://securitytracker.com/alerts/2009/Sep/1022832.html only lists Windows for two of those...
Ping? Any security pros who want to give some inside here? From my perspective these are non-issues for us...
As long as no-one can actually come up with actual proof, that we are concerned by that (or that it's still open) I'd vote for closing this as invalid
Versions not in main tree. As only security people can close sec bugs do whatever you feel like, removing ooo from cc.
Old bug. noglsa.