Hi Salvatore, On Sat, Sep 30, 2017 at 09:29:16PM +0200, Salvatore Bonaccorso wrote: > Hi Guido, > > On Sat, Sep 30, 2017 at 08:17:50PM +0200, Guido Günther wrote: > > Security team, if the CVE is in mp3splt not libvorbis do we need to give > > back the CVE and request a new one? Is doing this via > > If you think the CVE was wrongly assigned, can you please contact > MITRE (via the form method) please? Please give as much details as you > found out (e.g. the above fix in mp3split indicating it actually might > be an issue in mp3split using libvorbis wrongly).
Done. I'll keep you posted (and tracker updated) about their response. Cheers, -- Guido
