libtheora CVE-2009-3389?

[Marcus Meissner <meissner () suse de>]

Hi,

Are there any details on CVE-2009-3389 / libtheora?

Redhat claims they are not vulnerable, but none of the public
info links to any kind of patch or better description.
The 2 mozilla bugs are also still closed.

The diff between firefox 3.5.5 and 3.5.6 media/libtheora/
also seems void of any integer overflow checking.

Ciao, Marcus