[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

CVE-2017-11735 in mp3split / libvorbis

Hi Ron,
Looking at


do you really mean CVE-2017-11333¹? Isn't this CVE-2017-11735²? Both where
reported in the same message. I can confirm that this fixes
CVE-2017-11735 for me.

Security team, if the CVE is in mp3splt not libvorbis do we need to give
back the CVE and request a new one? Is doing this via


The right thing?

 -- Guido

¹) https://security-tracker.debian.org/tracker/CVE-2017-11333
²) https://security-tracker.debian.org/tracker/CVE-2017-11735

Reply to: