Date: Tue, 1 Dec 2009 08:37:54 +0100 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: coley@...us.mitre.org Subject: Re: Need more information on recent poppler issues On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey" <coley@...us.mitre.org> wrote: > > DSA-1941 lists three reserved CVE entries for Poppler issues, but there > aren't any more details, which makes it difficult to create CVE > descriptions. Specifically, CVE-2009-3906, CVE-2009-3907, and > CVE-2009-3908 don't have any details as far as I can tell. > > Can anybody help? They look like typos to me. That DSA lists 7 CVE-2009-390x CVEs, while it should probably list CVE-2009-3*6*0x ones. CVE-2009-390 are public and for unrelated applications. Changelog seems to list correct ids: +poppler (0.8.7-3) stable-security; urgency=high + + * Non-maintainer upload by the Security Team. + * Fix CVE-2009-3603 to CVE-2009-3609, CVE-2009-0755. Based on patches + by Marc Deslauriers + * Fix CVE-2009-3938 + + -- Moritz Muehlenhoff <jmm@...ian.org> Tue, 24 Nov 2009 21:54:26 +0100 HTH -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.