oss-sec mailing list archives
Re: CVE request: two issues in vorbis-tools
From: Paris Z <paris8105 () gmail com>
Date: Fri, 23 Jan 2015 11:53:22 +0200
Hi,

Original poster of the reports here. My original concern was also that these were minor issues, so I didn't request CVEs. I posted in FD list because a month has passed and I still haven't received any answers in the vorbis-tools bug tracker.

2015-01-23 10:36 GMT+02:00 Hanno Böck <hanno () hboeck de>:

> On Thu, 22 Jan 2015 11:50:16 -0500 (EST) cve-assign () mitre org wrote:
> On Wed, 21 Jan 2015, Hanno Böck wrote:
> On Wed, 21 Jan 2015 13:50:46 +0100 Martin Prpic <mprpic () redhat com> wrote:
>
> Two issues were reported in vorbis-tools on Full Disclosure:
> http://seclists.org/fulldisclosure/2015/Jan/78
>
> CVE-2014-9638 - https://trac.xiph.org/ticket/2137 (division by zero)
> CVE-2014-9639 - https://trac.xiph.org/ticket/2136 (integer overflow)
>
> These two also affect opusenc. I don't know if this deserves more CVEs, because these issues are likely minor, but wanted to note it for completeness.
>
> It is a different software package. I'll add comments to the corresponding bug reports.
>
> --
> Hanno Böck
> http://hboeck.de/
> mail/jabber: hanno () hboeck de
> GPG: BBB51E42