[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2017-11735 in mp3split / libvorbis

Hi Salvatore,
On Sat, Sep 30, 2017 at 09:29:16PM +0200, Salvatore Bonaccorso wrote:
> Hi Guido,
> On Sat, Sep 30, 2017 at 08:17:50PM +0200, Guido Günther wrote:
> > Security team, if the CVE is in mp3splt not libvorbis do we need to give
> > back the CVE and request a new one? Is doing this via
> If you think the CVE was wrongly assigned, can you please contact
> MITRE (via the form method) please? Please give as much details as you
> found out (e.g. the above fix in mp3split indicating it actually might
> be an issue in mp3split using libvorbis wrongly).

Done. I'll keep you posted (and tracker updated) about their response.
 -- Guido

Reply to: