Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue,  3 Nov 2015 13:52:26 -0500 (EST)
From: cve-assign@...re.org
To: mprpic@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: libsndfile 1.0.25 heap overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
> https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
> https://www.exploit-db.com/exploits/38447/
> 
> The blog post mentions MITRE was notified but I don't see a CVE anywhere
> for this issue.
> 
> Has a CVE been assigned to this flaw yet?

Actually, yes, a CVE was assigned a while ago: CVE-2015-7805.

We realize that the www.nemux.org URL says "09 Oct 2015 Mitre.org
contacted (no response)"; however, we actually did respond on that
day. (The person who wanted a CVE ID wrote to us from two e-mail
addresses, one of which did not work for us. The person wrote to us a
few weeks ago confirming that they did receive the CVE ID. We will
follow up.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWOQHDAAoJEL54rhJi8gl57v0QAKvk5hbqh4TEIa59vXyRZPKS
Uo9lRR7nfzQvyFz39bA3mXjpFCjgVouNG22gYGsdTSLd7LI6vkM5Sd2MEyHaECo1
6NjlfMDMRsHODW8m0aqdQ3y2stGuq/OHjN4e0JMzFyEaJoA8Eu7+6Ro9W1JNgtiQ
z6Zzmko92WCoCzM5cBuI73vewSk9J5INgnESQdNHTcmX1qridbFs3msiONFGk662
b43JNA2P0ZuVV0XZkaNYdbzSM+amv0fzRtULNIZfexs3q5kZrWFag/qavaThzg9w
Tqph8mQUCAgZrIBPSWSgF/9rT3YAoIZoaXEbxVZf8hN424dwxlcK0ev2A2mPDNrF
flItMzePSSzlRkOAz32EBJhSLBMlEiVVYElfiLR2/OkKPyg2FquU0uM8IUqRR0zR
AO1RHpt8RczaxxXPlR/hmVlt/jhkc8mulErEXKLxE8ie+zvRKAlTB/OreU1KZrKP
DZ6pLaokp+uTsvLbobbbiUNF6p3EL7pJanHFxQr9AQyjPuJUKKacmwMASCDlB0YQ
i1nU5y2Ki0tJU5NsmVMcqpMPObkuEOY2ISsDSGOUObCSLm1X6+pCa0vBUoUK9gtX
0D41ZWr9dM+RPvvIw3M6DTx2OUTY9s7O4J+Zq1TBAug8ady1edgYnA6ejJ+zIxvv
pvMRRZ9PmSBDK3RF3TqK
=j8S/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ