CVE-2017-11735 in mp3split / libvorbis
do you really mean CVE-2017-11333¹? Isn't this CVE-2017-11735²? Both where
reported in the same message. I can confirm that this fixes
CVE-2017-11735 for me.
Security team, if the CVE is in mp3splt not libvorbis do we need to give
back the CVE and request a new one? Is doing this via
The right thing?