[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162



On Sun, Sep 04, 2011 at 16:13:10 (CEST), Michael Gilbert wrote:

> On Sat, 03 Sep 2011 08:56:54 +0200 Reinhard Tartler wrote:
>
>> On Fri, Sep 02, 2011 at 23:31:22 (CEST), Michael Gilbert wrote:
>> 
>> 
>> [...]
>> 
>> >> > ffmpeg-mt specific bug with mp4 files, Unreproducible with libav:
>> >> > http://thread.gmane.org/gmane.comp.video.libav.devel/8507
>> >> > 
>> >> > CVE-2011-2160
>> >> > 
>> >> > extremly vague, no useful references given
>> >
>> > It looks like this was assigned based on your changelog text [0].  Your
>> > wording for CVE-2011-0723 differs from the other fixes, so Mitre
>> > assumed there was something else to it and gave it a new id.  Yikes!
>
> I'm going to send a message to oss-sec requesting rejection of these two
> ids.  I just want to make sure that my take is correct, which is that
> your changelog should have been interpreted as directly fixing the -0723
> issues, and there isn't anything else to it necessitating the new -2160
> id.  Anyway, if that's right, please confirm.

That's correct!

Thanks for taking care of this!
-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4


Reply to: