Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 1 Dec 2009 08:37:54 +0100
From: Tomas Hoger <>
Subject: Re: Need more information on recent poppler issues

On Mon, 30 Nov 2009 20:08:56 -0500 (EST) "Steven M. Christey"
<> wrote:

> DSA-1941 lists three reserved CVE entries for Poppler issues, but there
> aren't any more details, which makes it difficult to create CVE
> descriptions.  Specifically, CVE-2009-3906, CVE-2009-3907, and
> CVE-2009-3908 don't have any details as far as I can tell.
> Can anybody help?

They look like typos to me.  That DSA lists 7 CVE-2009-390x CVEs, while
it should probably list CVE-2009-3*6*0x ones.  CVE-2009-390[345] are
public and for unrelated applications.

Changelog seems to list correct ids:

+poppler (0.8.7-3) stable-security; urgency=high
+  * Non-maintainer upload by the Security Team.
+  * Fix CVE-2009-3603 to CVE-2009-3609, CVE-2009-0755. Based on patches
+    by Marc Deslauriers
+  * Fix CVE-2009-3938
+ -- Moritz Muehlenhoff <>  Tue, 24 Nov 2009 21:54:26 +0100


Tomas Hoger / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.