Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Dec 2009 08:37:54 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: coley@...us.mitre.org
Subject: Re: Need more information on recent poppler issues

On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey"
<coley@...us.mitre.org> wrote:

> 
> DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> aren't any more details, which makes it difficult to create CVE
> descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> CVE-2009-3908 don't have any details as far as I can tell.
> 
> Can anybody help?

They look like typos to me.  That DSA lists 7 CVE-2009-390x CVEs, while
it should probably list CVE-2009-3*6*0x ones.  CVE-2009-390[345] are
public and for unrelated applications.

Changelog seems to list correct ids:

+poppler (0.8.7-3) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2009-3603 to CVE-2009-3609, CVE-2009-0755. Based on patches
+    by Marc Deslauriers
+  * Fix CVE-2009-3938
+
+ -- Moritz Muehlenhoff <jmm@...ian.org>  Tue, 24 Nov 2009 21:54:26 +0100

HTH

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ