Date: Tue, 3 Nov 2015 13:52:26 -0500 (EST) From: cve-assign@...re.org To: mprpic@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: libsndfile 1.0.25 heap overflow -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/ > https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html > https://www.exploit-db.com/exploits/38447/ > > The blog post mentions MITRE was notified but I don't see a CVE anywhere > for this issue. > > Has a CVE been assigned to this flaw yet? Actually, yes, a CVE was assigned a while ago: CVE-2015-7805. We realize that the www.nemux.org URL says "09 Oct 2015 Mitre.org contacted (no response)"; however, we actually did respond on that day. (The person who wanted a CVE ID wrote to us from two e-mail addresses, one of which did not work for us. The person wrote to us a few weeks ago confirming that they did receive the CVE ID. We will follow up.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWOQHDAAoJEL54rhJi8gl57v0QAKvk5hbqh4TEIa59vXyRZPKS Uo9lRR7nfzQvyFz39bA3mXjpFCjgVouNG22gYGsdTSLd7LI6vkM5Sd2MEyHaECo1 6NjlfMDMRsHODW8m0aqdQ3y2stGuq/OHjN4e0JMzFyEaJoA8Eu7+6Ro9W1JNgtiQ z6Zzmko92WCoCzM5cBuI73vewSk9J5INgnESQdNHTcmX1qridbFs3msiONFGk662 b43JNA2P0ZuVV0XZkaNYdbzSM+amv0fzRtULNIZfexs3q5kZrWFag/qavaThzg9w Tqph8mQUCAgZrIBPSWSgF/9rT3YAoIZoaXEbxVZf8hN424dwxlcK0ev2A2mPDNrF flItMzePSSzlRkOAz32EBJhSLBMlEiVVYElfiLR2/OkKPyg2FquU0uM8IUqRR0zR AO1RHpt8RczaxxXPlR/hmVlt/jhkc8mulErEXKLxE8ie+zvRKAlTB/OreU1KZrKP DZ6pLaokp+uTsvLbobbbiUNF6p3EL7pJanHFxQr9AQyjPuJUKKacmwMASCDlB0YQ i1nU5y2Ki0tJU5NsmVMcqpMPObkuEOY2ISsDSGOUObCSLm1X6+pCa0vBUoUK9gtX 0D41ZWr9dM+RPvvIw3M6DTx2OUTY9s7O4J+Zq1TBAug8ady1edgYnA6ejJ+zIxvv pvMRRZ9PmSBDK3RF3TqK =j8S/ -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.