Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 22 Dec 2009 18:34:49 +0100
From: Marcus Meissner <>
To: OSS Security List <>
Subject: libtheora CVE-2009-3389?


Are there any details on CVE-2009-3389 / libtheora?

Redhat claims they are not vulnerable, but none of the public
info links to any kind of patch or better description.
The 2 mozilla bugs are also still closed.

The diff between firefox 3.5.5 and 3.5.6 media/libtheora/
also seems void of any integer overflow checking.

Ciao, Marcus

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.