Date: Wed, 23 Dec 2009 13:15:56 +0100 From: Tomas Hoger <thoger@...hat.com> To: oss-security@...ts.openwall.com Cc: meissner@...e.de Subject: Re: libtheora CVE-2009-3389? On Tue, 22 Dec 2009 18:34:49 +0100 Marcus Meissner <meissner@...e.de> wrote: > Are there any details on CVE-2009-3389 / libtheora? > > Redhat claims they are not vulnerable, but none of the public > info links to any kind of patch or better description. > The 2 mozilla bugs are also still closed. That statement is based on investigation using info / patches / reproducers from the mozilla bugs. I did not do that work, so I can't give you any more details and I do not have access to the bugs, but the summary was that the flaws did not exist in 1.0alpha versions we ship and are already fixed in 1.1.0. -- Tomas Hoger / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.