Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Tue,  3 Nov 2015 13:52:26 -0500 (EST)
From: cve-assign@...re.org
To: mprpic@...hat.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: libsndfile 1.0.25 heap overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
> https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
> https://www.exploit-db.com/exploits/38447/
> 
> The blog post mentions MITRE was notified but I don't see a CVE anywhere
> for this issue.
> 
> Has a CVE been assigned to this flaw yet?

Actually, yes, a CVE was assigned a while ago: CVE-2015-7805.

We realize that the www.nemux.org URL says "09 Oct 2015 Mitre.org
contacted (no response)"; however, we actually did respond on that
day. (The person who wanted a CVE ID wrote to us from two e-mail
addresses, one of which did not work for us. The person wrote to us a
few weeks ago confirming that they did receive the CVE ID. We will
follow up.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWOQHDAAoJEL54rhJi8gl57v0QAKvk5hbqh4TEIa59vXyRZPKS
Uo9lRR7nfzQvyFz39bA3mXjpFCjgVouNG22gYGsdTSLd7LI6vkM5Sd2MEyHaECo1
6NjlfMDMRsHODW8m0aqdQ3y2stGuq/OHjN4e0JMzFyEaJoA8Eu7+6Ro9W1JNgtiQ
z6Zzmko92WCoCzM5cBuI73vewSk9J5INgnESQdNHTcmX1qridbFs3msiONFGk662
b43JNA2P0ZuVV0XZkaNYdbzSM+amv0fzRtULNIZfexs3q5kZrWFag/qavaThzg9w
Tqph8mQUCAgZrIBPSWSgF/9rT3YAoIZoaXEbxVZf8hN424dwxlcK0ev2A2mPDNrF
flItMzePSSzlRkOAz32EBJhSLBMlEiVVYElfiLR2/OkKPyg2FquU0uM8IUqRR0zR
AO1RHpt8RczaxxXPlR/hmVlt/jhkc8mulErEXKLxE8ie+zvRKAlTB/OreU1KZrKP
DZ6pLaokp+uTsvLbobbbiUNF6p3EL7pJanHFxQr9AQyjPuJUKKacmwMASCDlB0YQ
i1nU5y2Ki0tJU5NsmVMcqpMPObkuEOY2ISsDSGOUObCSLm1X6+pCa0vBUoUK9gtX
0D41ZWr9dM+RPvvIw3M6DTx2OUTY9s7O4J+Zq1TBAug8ady1edgYnA6ejJ+zIxvv
pvMRRZ9PmSBDK3RF3TqK
=j8S/
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.