Date: Tue, 1 Dec 2009 08:37:54 +0100 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: coley@...us.mitre.org Subject: Re: Need more information on recent poppler issues On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey" <coley@...us.mitre.org> wrote: > > DSA-1941 lists three reserved CVE entries for Poppler issues, but there > aren't any more details, which makes it difficult to create CVE > descriptions. Specifically, CVE-2009-3906, CVE-2009-3907, and > CVE-2009-3908 don't have any details as far as I can tell. > > Can anybody help? They look like typos to me. That DSA lists 7 CVE-2009-390x CVEs, while it should probably list CVE-2009-3*6*0x ones. CVE-2009-390 are public and for unrelated applications. Changelog seems to list correct ids: +poppler (0.8.7-3) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2009-3603 to CVE-2009-3609, CVE-2009-0755. Based on patches + by Marc Deslauriers + * Fix CVE-2009-3938 + + -- Moritz Muehlenhoff <jmm@...ian.org> Tue, 24 Nov 2009 21:54:26 +0100 HTH -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ