CVE-2017-11735 in mp3split / libvorbis
Hi Ron,
Looking at
https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
do you really mean CVE-2017-11333¹? Isn't this CVE-2017-11735²? Both where
reported in the same message. I can confirm that this fixes
CVE-2017-11735 for me.
Security team, if the CVE is in mp3splt not libvorbis do we need to give
back the CVE and request a new one? Is doing this via
https://cveform.mitre.org/
The right thing?
Cheers,
-- Guido
¹) https://security-tracker.debian.org/tracker/CVE-2017-11333
²) https://security-tracker.debian.org/tracker/CVE-2017-11735
Reply to: