Date: Wed, 23 Dec 2009 13:15:56 +0100 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: meissner@...e.de Subject: Re: libtheora CVE-2009-3389? On Tue, 22 Dec 2009 18:34:49 +0100 Marcus Meissner <meissner@...e.de> wrote: > Are there any details on CVE-2009-3389 / libtheora? > > Redhat claims they are not vulnerable, but none of the public > info links to any kind of patch or better description. > The 2 mozilla bugs are also still closed. That statement is based on investigation using info / patches / reproducers from the mozilla bugs. I did not do that work, so I can't give you any more details and I do not have access to the bugs, but the summary was that the flaws did not exist in 1.0alpha versions we ship and are already fixed in 1.1.0. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ