[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162

On Fri, Sep 02, 2011 at 23:31:22 (CEST), Michael Gilbert wrote:


[...]

>> > ffmpeg-mt specific bug with mp4 files, Unreproducible with libav:
>> > http://thread.gmane.org/gmane.comp.video.libav.devel/8507
>> > 
>> > CVE-2011-2160
>> > 
>> > extremly vague, no useful references given
>
> It looks like this was assigned based on your changelog text [0].  Your
> wording for CVE-2011-0723 differs from the other fixes, so Mitre
> assumed there was something else to it and gave it a new id.  Yikes!
>
>> > CVE-2011-2162
>> > 
>> > description on mitre is way too vague, the referenced madriva source
>> > package does not contain any relevant patch to this issue.
>
> It looks like this is CVE-2011-1198 again.  The new idea seems to
> have arisen via ill-defined text in the Mandriva advisories [0].
>
> [0] http://openwall.com/lists/oss-security/2011/09/02/1

Ah, that's clears things up. Thanks for looking into this, I've updated
my notes.

-- 
Gruesse/greetings,
Reinhard Tartler, KeyID 945348A4
Reply to: