Re: CVE-2011-2160, CVE-2011-2161 and CVE-2011-2162
On Sat, 03 Sep 2011 08:56:54 +0200 Reinhard Tartler wrote:
> On Fri, Sep 02, 2011 at 23:31:22 (CEST), Michael Gilbert wrote:
>
>
> [...]
>
> >> > ffmpeg-mt specific bug with mp4 files, Unreproducible with libav:
> >> > http://thread.gmane.org/gmane.comp.video.libav.devel/8507
> >> >
> >> > CVE-2011-2160
> >> >
> >> > extremly vague, no useful references given
> >
> > It looks like this was assigned based on your changelog text [0]. Your
> > wording for CVE-2011-0723 differs from the other fixes, so Mitre
> > assumed there was something else to it and gave it a new id. Yikes!
I'm going to send a message to oss-sec requesting rejection of these two
ids. I just want to make sure that my take is correct, which is that
your changelog should have been interpreted as directly fixing the -0723
issues, and there isn't anything else to it necessitating the new -2160
id. Anyway, if that's right, please confirm.
Thanks,
Mike
Reply to: