Date: Tue, 3 Nov 2015 13:52:26 -0500 (EST) From: cve-assign@...re.org To: mprpic@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: libsndfile 1.0.25 heap overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/ > https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html > https://www.exploit-db.com/exploits/38447/ > > The blog post mentions MITRE was notified but I don't see a CVE anywhere > for this issue. > > Has a CVE been assigned to this flaw yet? Actually, yes, a CVE was assigned a while ago: CVE-2015-7805. We realize that the www.nemux.org URL says "09 Oct 2015 Mitre.org contacted (no response)"; however, we actually did respond on that day. (The person who wanted a CVE ID wrote to us from two e-mail addresses, one of which did not work for us. The person wrote to us a few weeks ago confirming that they did receive the CVE ID. We will follow up.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWOQHDAAoJEL54rhJi8gl57v0QAKvk5hbqh4TEIa59vXyRZPKS Uo9lRR7nfzQvyFz39bA3mXjpFCjgVouNG22gYGsdTSLd7LI6vkM5Sd2MEyHaECo1 6NjlfMDMRsHODW8m0aqdQ3y2stGuq/OHjN4e0JMzFyEaJoA8Eu7+6Ro9W1JNgtiQ z6Zzmko92WCoCzM5cBuI73vewSk9J5INgnESQdNHTcmX1qridbFs3msiONFGk662 b43JNA2P0ZuVV0XZkaNYdbzSM+amv0fzRtULNIZfexs3q5kZrWFag/qavaThzg9w Tqph8mQUCAgZrIBPSWSgF/9rT3YAoIZoaXEbxVZf8hN424dwxlcK0ev2A2mPDNrF flItMzePSSzlRkOAz32EBJhSLBMlEiVVYElfiLR2/OkKPyg2FquU0uM8IUqRR0zR AO1RHpt8RczaxxXPlR/hmVlt/jhkc8mulErEXKLxE8ie+zvRKAlTB/OreU1KZrKP DZ6pLaokp+uTsvLbobbbiUNF6p3EL7pJanHFxQr9AQyjPuJUKKacmwMASCDlB0YQ i1nU5y2Ki0tJU5NsmVMcqpMPObkuEOY2ISsDSGOUObCSLm1X6+pCa0vBUoUK9gtX 0D41ZWr9dM+RPvvIw3M6DTx2OUTY9s7O4J+Zq1TBAug8ady1edgYnA6ejJ+zIxvv pvMRRZ9PmSBDK3RF3TqK =j8S/ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ