Re: CVE-2017-11735 in mp3split / libvorbis

To: Guido Günther <agx@sigxcpu.org>, ron@debian.org
Cc: team@security.debian.org, debian-lts@lists.debian.org
Subject: Re: CVE-2017-11735 in mp3split / libvorbis
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 30 Sep 2017 21:29:16 +0200
Message-id: <[🔎] 20170930192916.xqcgztlarjdelnk4@eldamar.local>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, ron@debian.org, team@security.debian.org, debian-lts@lists.debian.org
In-reply-to: <[🔎] 20170930181750.mmylgw5bld4c2bpo@bogon.m.sigxcpu.org>
References: <[🔎] 20170930181750.mmylgw5bld4c2bpo@bogon.m.sigxcpu.org>

Hi Guido,

On Sat, Sep 30, 2017 at 08:17:50PM +0200, Guido Günther wrote:
> Security team, if the CVE is in mp3splt not libvorbis do we need to give
> back the CVE and request a new one? Is doing this via

If you think the CVE was wrongly assigned, can you please contact
MITRE (via the form method) please? Please give as much details as you
found out (e.g. the above fix in mp3split indicating it actually might
be an issue in mp3split using libvorbis wrongly).

Regards,
Salvatore

Reply to:

Follow-Ups:
- Re: CVE-2017-11735 in mp3split / libvorbis
  - From: Guido Günther <agx@sigxcpu.org>

References:
- CVE-2017-11735 in mp3split / libvorbis
  - From: Guido Günther <agx@sigxcpu.org>

Prev by Date: Re: Fwd: Re: [Ticket#2017092834000757] Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS
Next by Date: Re: Fwd: Re: [Ticket#2017092834000757] Bug#876462: otrs2: CVE-2017-14635: Code Injection / Privilege Escalation OTRS
Previous by thread: CVE-2017-11735 in mp3split / libvorbis
Next by thread: Re: CVE-2017-11735 in mp3split / libvorbis
Index(es):
- Date
- Thread