[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

CVE-2017-15185/mp3splt (was: Re: CVE-2017-11735 in mp3split / libvorbis)

Hi

On Sun, Oct 01, 2017 at 12:07:11AM +0200, Guido Günther wrote:

> and I'll check with Salvatore if it's appropriate to inform oss-security
> once we got a new CVE for mp3splt.
> Thanks for detailed response (and the patch)!
>  -- Guido
> 
> > 
> > 
> > Thanks for catching my misattribution of the CVE number there, I'll
> > fix that in the changelog for the next release to avoid future
> > confusion.  Just let me know if I should (also?) note it as something
> > other than CVE-2017-11735 if a new report is issued instead of just
> > updating the existing one.

FTR, CVE-2017-11735 was REJECTED, and futhermore CVE-2017-15185 was
specifically assigned for the mp3splt issue. Cf.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15185

Regards,
Salvatore
Reply to: