Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
On Sun, Sep 04, 2011 at 16:13:10 (CEST), Michael Gilbert wrote:
> On Sat, 03 Sep 2011 08:56:54 +0200 Reinhard Tartler wrote:
>
>> On Fri, Sep 02, 2011 at 23:31:22 (CEST), Michael Gilbert wrote:
>>
>>
>> [...]
>>
>> >> > ffmpeg-mt specific bug with mp4 files, Unreproducible with libav:
>> >> > http://thread.gmane.org/gmane.comp.video.libav.devel/8507
>> >> >
>> >> > CVE-2011-2160
>> >> >
>> >> > extremly vague, no useful references given
>> >
>> > It looks like this was assigned based on your changelog text [0]. Your
>> > wording for CVE-2011-0723 differs from the other fixes, so Mitre
>> > assumed there was something else to it and gave it a new id. Yikes!
>
> I'm going to send a message to oss-sec requesting rejection of these two
> ids. I just want to make sure that my take is correct, which is that
> your changelog should have been interpreted as directly fixing the -0723
> issues, and there isn't anything else to it necessitating the new -2160
> id. Anyway, if that's right, please confirm.
That's correct!
Thanks for taking care of this!
--
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Reply to: