Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 Dec 2009 23:18:57 +0100
From: Moritz Muehlenhoff <jmm@...til.org>
To: oss-security@...ts.openwall.com
Cc: coley@...us.mitre.org
Subject: Re: Need more information on recent poppler issues

On Tue, Dec 01, 2009 at 08:37:54AM +0100, Tomas Hoger wrote:
> On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey"
> <coley@...us.mitre.org> wrote:
> 
> > 
> > DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> > aren't any more details, which makes it difficult to create CVE
> > descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> > CVE-2009-3908 don't have any details as far as I can tell.
> > 
> > Can anybody help?
> 
> They look like typos to me.  That DSA lists 7 CVE-2009-390x CVEs, while
> it should probably list CVE-2009-3*6*0x ones.  CVE-2009-390[345] are
> public and for unrelated applications.

Yes, that is correct (and has been fixed in the Debian Security Tracker
a few days ago: http://security-tracker.debian.org/tracker/source-package/poppler)

I blame it on the new console mouse mode in Emacs 23 which broke copy&paste
from a different tty with GPM ;-) (Disabling gpm-mouse-mode helps, as I
found out later.)

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.