Re: CVE-2017-11735 in mp3split / libvorbis
On Sat, Sep 30, 2017 at 08:17:50PM +0200, Guido Günther wrote:
> Security team, if the CVE is in mp3splt not libvorbis do we need to give
> back the CVE and request a new one? Is doing this via
If you think the CVE was wrongly assigned, can you please contact
MITRE (via the form method) please? Please give as much details as you
found out (e.g. the above fix in mp3split indicating it actually might
be an issue in mp3split using libvorbis wrongly).