Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162

To: Michael Gilbert <michael.s.gilbert@gmail.com>
Cc: debian-security-tracker@lists.debian.org
Subject: Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
From: Reinhard Tartler <siretart@debian.org>
Date: Sun, 04 Sep 2011 18:30:32 +0200
Message-id: <[🔎] 87ipp81d93.fsf@faui43f.informatik.uni-erlangen.de>
In-reply-to: <[🔎] 20110904101310.c633a586.michael.s.gilbert@gmail.com> (Michael Gilbert's message of "Sun, 4 Sep 2011 10:13:10 -0400")
References: <1309183108.5105.19.camel@vougeot> <20110729101613.GA17796@pisco.westfalen.local> <87fwlefik2.fsf@faui43f.informatik.uni-erlangen.de> <[🔎] 20110902002234.95b4fe3ee09ad559b2678942@gmail.com> <[🔎] 20110902173122.323166f2fe4ff8dc59f14387@gmail.com> <[🔎] 87sjoe2jwp.fsf@faui43f.informatik.uni-erlangen.de> <[🔎] 20110904101310.c633a586.michael.s.gilbert@gmail.com>

On Sun, Sep 04, 2011 at 16:13:10 (CEST), Michael Gilbert wrote:

> On Sat, 03 Sep 2011 08:56:54 +0200 Reinhard Tartler wrote:
>
>> On Fri, Sep 02, 2011 at 23:31:22 (CEST), Michael Gilbert wrote:
>> 
>> 
>> [...]
>> 
>> >> > ffmpeg-mt specific bug with mp4 files, Unreproducible with libav:
>> >> > http://thread.gmane.org/gmane.comp.video.libav.devel/8507
>> >> > 
>> >> > CVE-2011-2160
>> >> > 
>> >> > extremly vague, no useful references given
>> >
>> > It looks like this was assigned based on your changelog text [0].  Your
>> > wording for CVE-2011-0723 differs from the other fixes, so Mitre
>> > assumed there was something else to it and gave it a new id.  Yikes!
>
> I'm going to send a message to oss-sec requesting rejection of these two
> ids.  I just want to make sure that my take is correct, which is that
> your changelog should have been interpreted as directly fixing the -0723
> issues, and there isn't anything else to it necessitating the new -2160
> id.  Anyway, if that's right, please confirm.

That's correct!

Thanks for taking care of this!
-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4

Reply to:

References:
- Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
  - From: Reinhard Tartler <siretart@debian.org>
- Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
Next by Date: Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
Previous by thread: Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
Next by thread: Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
Index(es):
- Date
- Thread