oss-sec mailing list archives
Re: CVE id request: fraud2
From: Robert Buchholz <rbu () gentoo org>
Date: Wed, 24 Sep 2008 17:47:05 +0200
On Tuesday 23 September 2008, Steffen Joeris wrote:
Hi fraad2 is affected by a heap overflow. Upstream announcement: http://www.audiocoding.com/ Upstream patch: http://www.audiocoding.com/patch/main_overflow.diff Gentoo Bugreport: http://bugs.gentoo.org/show_bug.cgi?id=238445 Debian Bugreport: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499899 Could I please get a CVE id for this? Cheers Steffen
CVE-2008-4201 states "in FAAD2 before 2.6.1", whereas the patch is based on 2.6.1 -- i.e. 2.6.1 is affected. So the CVE needs to be corrected. Robert
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE id request: fraud2 Steffen Joeris (Sep 23)
- Re: CVE id request: fraud2 Robert Buchholz (Sep 24)
- Re: CVE id request: fraud2 Steven M. Christey (Sep 24)
- Re: CVE id request: fraud2 Robert Buchholz (Sep 24)