Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 1 Dec 2009 23:18:57 +0100
From: Moritz Muehlenhoff <jmm@...til.org>
To: oss-security@...ts.openwall.com
Cc: coley@...us.mitre.org
Subject: Re: Need more information on recent poppler issues

On Tue, Dec 01, 2009 at 08:37:54AM +0100, Tomas Hoger wrote:
> On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey"
> <coley@...us.mitre.org> wrote:
> 
> > 
> > DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> > aren't any more details, which makes it difficult to create CVE
> > descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> > CVE-2009-3908 don't have any details as far as I can tell.
> > 
> > Can anybody help?
> 
> They look like typos to me.  That DSA lists 7 CVE-2009-390x CVEs, while
> it should probably list CVE-2009-3*6*0x ones.  CVE-2009-390[345] are
> public and for unrelated applications.

Yes, that is correct (and has been fixed in the Debian Security Tracker
a few days ago: http://security-tracker.debian.org/tracker/source-package/poppler)

I blame it on the new console mouse mode in Emacs 23 which broke copy&paste
from a different tty with GPM ;-) (Disabling gpm-mouse-mode helps, as I
found out later.)

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ