Re: CVE-2017-11735 in mp3split / libvorbis

To: ron@debian.org, team@security.debian.org, debian-lts@lists.debian.org
Subject: Re: CVE-2017-11735 in mp3split / libvorbis
From: Guido Günther <agx@sigxcpu.org>
Date: Sun, 1 Oct 2017 00:03:28 +0200
Message-id: <[🔎] 20170930220328.esp7tz7lfhwtmck7@bogon.m.sigxcpu.org>
Mail-followup-to: Guido Günther <agx@sigxcpu.org>, ron@debian.org, team@security.debian.org, debian-lts@lists.debian.org
In-reply-to: <[🔎] 20170930192916.xqcgztlarjdelnk4@eldamar.local>
References: <[🔎] 20170930181750.mmylgw5bld4c2bpo@bogon.m.sigxcpu.org> <[🔎] 20170930192916.xqcgztlarjdelnk4@eldamar.local>

Hi Salvatore,
On Sat, Sep 30, 2017 at 09:29:16PM +0200, Salvatore Bonaccorso wrote:
> Hi Guido,
> 
> On Sat, Sep 30, 2017 at 08:17:50PM +0200, Guido Günther wrote:
> > Security team, if the CVE is in mp3splt not libvorbis do we need to give
> > back the CVE and request a new one? Is doing this via
> 
> If you think the CVE was wrongly assigned, can you please contact
> MITRE (via the form method) please? Please give as much details as you
> found out (e.g. the above fix in mp3split indicating it actually might
> be an issue in mp3split using libvorbis wrongly).

Done. I'll keep you posted (and tracker updated) about their response.
Cheers,
 -- Guido

Reply to:

References:
- CVE-2017-11735 in mp3split / libvorbis
  - From: Guido Günther <agx@sigxcpu.org>
- Re: CVE-2017-11735 in mp3split / libvorbis
  - From: Salvatore Bonaccorso <carnil@debian.org>

Prev by Date: Re: CVE-2017-11735 in mp3split / libvorbis
Next by Date: Re: CVE-2017-11735 in mp3split / libvorbis
Previous by thread: Re: CVE-2017-11735 in mp3split / libvorbis
Next by thread: Re: CVE-2017-11735 in mp3split / libvorbis
Index(es):
- Date
- Thread