[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] libtheora CVE-2009-3389?
From: Tomas Hoger <thoger () redhat ! com>
Date: 2009-12-23 12:15:56
Message-ID: 20091223131556.439dcc19 () redhat ! com
[Download RAW message or body]
On Tue, 22 Dec 2009 18:34:49 +0100 Marcus Meissner <meissner@suse.de>
wrote:
> Are there any details on CVE-2009-3389 / libtheora?
>
> Redhat claims they are not vulnerable, but none of the public
> info links to any kind of patch or better description.
> The 2 mozilla bugs are also still closed.
That statement is based on investigation using info / patches /
reproducers from the mozilla bugs. I did not do that work, so I can't
give you any more details and I do not have access to the bugs, but the
summary was that the flaws did not exist in 1.0alpha versions we ship
and are already fixed in 1.1.0.
--
Tomas Hoger / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic