List: oss-security
Subject: Re: [oss-security] MFSA 2009-63
From: Tomas Hoger <thoger () redhat ! com>
Date: 2009-10-30 18:35:34
Message-ID: 20091030193534.395d6b22 () redhat ! com
Hi Reed!
On Fri, 30 Oct 2009 10:15:23 -0500 Reed Loden <reed@reedloden.com>
wrote:
> I think we used one CVE per library upgrade, so three in total
> (libvorbis, liboggz, liboggplay).
Correct. And the fixes brought in as part of those updates are
possibly spread across multiple upstream versions, which is a common
reason to do a CVE split.
> Bug 499512 seems to be a liboggplay issue fixed by bug 512328.
It's listed among libvorbis bugs and I wasn't able to tell if there was
only a liboggplay-side issue.
> However, if you notice any issues yourself with the advisory, please
> feel free to report any issues to me or to security@m.o.
I've only added a comment to 515889, which seems to be a dupe of one
older vorbis CVE.
Thank you!
--
Tomas Hoger / Red Hat Security Response Team