oss-sec mailing list archives
libtheora CVE-2009-3389?
From: Marcus Meissner <meissner () suse de>
Date: Tue, 22 Dec 2009 18:34:49 +0100
Hi, Are there any details on CVE-2009-3389 / libtheora? Redhat claims they are not vulnerable, but none of the public info links to any kind of patch or better description. The 2 mozilla bugs are also still closed. The diff between firefox 3.5.5 and 3.5.6 media/libtheora/ also seems void of any integer overflow checking. Ciao, Marcus
Current thread:
- libtheora CVE-2009-3389? Marcus Meissner (Dec 22)
- Re: libtheora CVE-2009-3389? Tomas Hoger (Dec 23)