Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Dec 2009 18:34:49 +0100
From: Marcus Meissner <>
To: OSS Security List <>
Subject: libtheora CVE-2009-3389?


Are there any details on CVE-2009-3389 / libtheora?

Redhat claims they are not vulnerable, but none of the public
info links to any kind of patch or better description.
The 2 mozilla bugs are also still closed.

The diff between firefox 3.5.5 and 3.5.6 media/libtheora/
also seems void of any integer overflow checking.

Ciao, Marcus

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ