Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 23 Dec 2009 13:15:56 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: meissner@...e.de
Subject: Re: libtheora CVE-2009-3389?

On Tue, 22 Dec 2009 18:34:49 +0100 Marcus Meissner <meissner@...e.de>
wrote:

> Are there any details on CVE-2009-3389 / libtheora?
> 
> Redhat claims they are not vulnerable, but none of the public
> info links to any kind of patch or better description.
> The 2 mozilla bugs are also still closed.

That statement is based on investigation using info / patches /
reproducers from the mozilla bugs.  I did not do that work, so I can't
give you any more details and I do not have access to the bugs, but the
summary was that the flaws did not exist in 1.0alpha versions we ship
and are already fixed in 1.1.0.

-- 
Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ