CVE-2017-15185/mp3splt (was: Re: CVE-2017-11735 in mp3split / libvorbis)
Hi
On Sun, Oct 01, 2017 at 12:07:11AM +0200, Guido Günther wrote:
> and I'll check with Salvatore if it's appropriate to inform oss-security
> once we got a new CVE for mp3splt.
> Thanks for detailed response (and the patch)!
> -- Guido
>
> >
> >
> > Thanks for catching my misattribution of the CVE number there, I'll
> > fix that in the changelog for the next release to avoid future
> > confusion. Just let me know if I should (also?) note it as something
> > other than CVE-2017-11735 if a new report is issued instead of just
> > updating the existing one.
FTR, CVE-2017-11735 was REJECTED, and futhermore CVE-2017-15185 was
specifically assigned for the mp3splt issue. Cf.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15185
Regards,
Salvatore
Reply to: