[Secure-testing-team] CVE-2009-0146/0147/0166
Marc Deslauriers
marc.deslauriers at canonical.com
Sun Aug 2 12:26:12 UTC 2009
On Sat, 2009-08-01 at 03:28 -0400, Michael S Gilbert wrote:
> Are you positive that CVE-2009-0146/0147/0166 were patched as claimed
> in [1]? There is no indication yet that these are fixed upstream (no
> specific commits), and there are no patches linked from mitre to
> verify against. Can you shed some light on the situation? Thanks.
Apple had sent a bunch of test cases for those CVEs. The poppler patch
fixes the parser in different ways from the suggested fixes Apple
posted, so it's not obvious what parts of the big upstream patch fixes
what CVE. The only thing I can say for sure is that the test cases do
not crash anymore, so the CVEs are seemingly fixed.
Marc.
--
Marc Deslauriers
Canonical Ltd.
More information about the Secure-testing-team
mailing list