Date: Fri, 23 Jan 2015 11:53:22 +0200
From: Paris Z <paris8105@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: two issues in vorbis-tools

Hi,

Original poster of the reports here. My original concern was also that these
were minor issues, so I didn't request CVEs. I posted in FD list because a
month has passed and I still haven't received any answers in the
vorbis-tools bug tracker.

2015-01-23 10:36 GMT+02:00 Hanno Böck <hanno@...eck.de>:

> On Thu, 22 Jan 2015 11:50:16 -0500 (EST)
> cve-assign@...re.org wrote:
>
> >
> > On Wed, 21 Jan 2015, Hanno Böck wrote:
> >
> > > On Wed, 21 Jan 2015 13:50:46 +0100
> > > Martin Prpic <mprpic@...hat.com> wrote:
> > >
> > >> Two issues were reported in vorbis-tools on Full Disclosure:
> > >>
> > >> http://seclists.org/fulldisclosure/2015/Jan/78
> >
> > CVE-2014-9638 - https://trac.xiph.org/ticket/2137 (division by zero)
> >
> > CVE-2014-9639 - https://trac.xiph.org/ticket/2136 (integer overflow)
>
> These two also affect opusenc.
> I don't know if this deserves more CVEs, because these issues are
> likely minor, but wanted to note it for completeness. It is a
> different software package. I'll add comments to the corresponding bug
> reports.
>
> --
> Hanno Böck
> http://hboeck.de/
>
> mail/jabber: hanno@...eck.de
> GPG: BBB51E42