|
Message-ID: <20091201221857.GB7274@inutil.org> Date: Tue, 1 Dec 2009 23:18:57 +0100 From: Moritz Muehlenhoff <jmm@...til.org> To: oss-security@...ts.openwall.com Cc: coley@...us.mitre.org Subject: Re: Need more information on recent poppler issues On Tue, Dec 01, 2009 at 08:37:54AM +0100, Tomas Hoger wrote: > On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey" > <coley@...us.mitre.org> wrote: > > > > > DSA-1941 lists three reserved CVE entries for Poppler issues, but there > > aren't any more details, which makes it difficult to create CVE > > descriptions. Specifically, CVE-2009-3906, CVE-2009-3907, and > > CVE-2009-3908 don't have any details as far as I can tell. > > > > Can anybody help? > > They look like typos to me. That DSA lists 7 CVE-2009-390x CVEs, while > it should probably list CVE-2009-3*6*0x ones. CVE-2009-390[345] are > public and for unrelated applications. Yes, that is correct (and has been fixed in the Debian Security Tracker a few days ago: http://security-tracker.debian.org/tracker/source-package/poppler) I blame it on the new console mouse mode in Emacs 23 which broke copy&paste from a different tty with GPM ;-) (Disabling gpm-mouse-mode helps, as I found out later.) Cheers, Moritz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.