Message-ID: <20091223131556.439dcc19@redhat.com>
Date: Wed, 23 Dec 2009 13:15:56 +0100
From: Tomas Hoger <thoger@...hat.com>
To: oss-security@...ts.openwall.com
Cc: meissner@...e.de
Subject: Re: libtheora CVE-2009-3389?

On Tue, 22 Dec 2009 18:34:49 +0100 Marcus Meissner <meissner@...e.de>
wrote:

> Are there any details on CVE-2009-3389 / libtheora?
> 
> Redhat claims they are not vulnerable, but none of the public
> info links to any kind of patch or better description.
> The 2 mozilla bugs are also still closed.

That statement is based on investigation using info / patches /
reproducers from the mozilla bugs.  I did not do that work, so I can't
give you any more details and I do not have access to the bugs, but the
summary was that the flaws did not exist in 1.0alpha versions we ship
and are already fixed in 1.1.0.

-- 
Tomas Hoger / Red Hat Security Response Team
