Hi On Sun, Oct 01, 2017 at 12:07:11AM +0200, Guido Günther wrote:
> and I'll check with Salvatore if it's appropriate to inform oss-security > once we got a new CVE for mp3splt. > Thanks for detailed response (and the patch)! > -- Guido > > > > > > > Thanks for catching my misattribution of the CVE number there, I'll > > fix that in the changelog for the next release to avoid future > > confusion. Just let me know if I should (also?) note it as something > > other than CVE-2017-11735 if a new report is issued instead of just > > updating the existing one. FTR, CVE-2017-11735 was REJECTED, and futhermore CVE-2017-15185 was specifically assigned for the mp3splt issue. Cf. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15185 Regards, Salvatore
