Date: Tue, 22 Dec 2009 18:34:49 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: libtheora CVE-2009-3389? Hi, Are there any details on CVE-2009-3389 / libtheora? Redhat claims they are not vulnerable, but none of the public info links to any kind of patch or better description. The 2 mozilla bugs are also still closed. The diff between firefox 3.5.5 and 3.5.6 media/libtheora/ also seems void of any integer overflow checking. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ