Date: Tue, 22 Dec 2009 18:34:49 +0100 From: Marcus Meissner <meissner@...e.de> To: OSS Security List <oss-security@...ts.openwall.com> Subject: libtheora CVE-2009-3389? Hi, Are there any details on CVE-2009-3389 / libtheora? Redhat claims they are not vulnerable, but none of the public info links to any kind of patch or better description. The 2 mozilla bugs are also still closed. The diff between firefox 3.5.5 and 3.5.6 media/libtheora/ also seems void of any integer overflow checking. Ciao, Marcus
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.