[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162

On Sat, 03 Sep 2011 08:56:54 +0200 Reinhard Tartler wrote:

> On Fri, Sep 02, 2011 at 23:31:22 (CEST), Michael Gilbert wrote:
> 
> 
> [...]
> 
> >> > ffmpeg-mt specific bug with mp4 files, Unreproducible with libav:
> >> > http://thread.gmane.org/gmane.comp.video.libav.devel/8507
> >> > 
> >> > CVE-2011-2160
> >> > 
> >> > extremly vague, no useful references given
> >
> > It looks like this was assigned based on your changelog text [0].  Your
> > wording for CVE-2011-0723 differs from the other fixes, so Mitre
> > assumed there was something else to it and gave it a new id.  Yikes!

I'm going to send a message to oss-sec requesting rejection of these two
ids.  I just want to make sure that my take is correct, which is that
your changelog should have been interpreted as directly fixing the -0723
issues, and there isn't anything else to it necessitating the new -2160
id.  Anyway, if that's right, please confirm.

Thanks,
Mike
Reply to: