oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: libsndfile 1.0.25 heap overflow

From: cve-assign () mitre org
Date: Tue, 3 Nov 2015 13:52:26 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
https://packetstormsecurity.com/files/133926/libsndfile-1.0.25-Heap-Overflow.html
https://www.exploit-db.com/exploits/38447/

The blog post mentions MITRE was notified but I don't see a CVE anywhere
for this issue.

Has a CVE been assigned to this flaw yet?


Actually, yes, a CVE was assigned a while ago: CVE-2015-7805.

We realize that the www.nemux.org URL says "09 Oct 2015 Mitre.org
contacted (no response)"; however, we actually did respond on that
day. (The person who wanted a CVE ID wrote to us from two e-mail
addresses, one of which did not work for us. The person wrote to us a
few weeks ago confirming that they did receive the CVE ID. We will
follow up.)

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWOQHDAAoJEL54rhJi8gl57v0QAKvk5hbqh4TEIa59vXyRZPKS
Uo9lRR7nfzQvyFz39bA3mXjpFCjgVouNG22gYGsdTSLd7LI6vkM5Sd2MEyHaECo1
6NjlfMDMRsHODW8m0aqdQ3y2stGuq/OHjN4e0JMzFyEaJoA8Eu7+6Ro9W1JNgtiQ
z6Zzmko92WCoCzM5cBuI73vewSk9J5INgnESQdNHTcmX1qridbFs3msiONFGk662
b43JNA2P0ZuVV0XZkaNYdbzSM+amv0fzRtULNIZfexs3q5kZrWFag/qavaThzg9w
Tqph8mQUCAgZrIBPSWSgF/9rT3YAoIZoaXEbxVZf8hN424dwxlcK0ev2A2mPDNrF
flItMzePSSzlRkOAz32EBJhSLBMlEiVVYElfiLR2/OkKPyg2FquU0uM8IUqRR0zR
AO1RHpt8RczaxxXPlR/hmVlt/jhkc8mulErEXKLxE8ie+zvRKAlTB/OreU1KZrKP
DZ6pLaokp+uTsvLbobbbiUNF6p3EL7pJanHFxQr9AQyjPuJUKKacmwMASCDlB0YQ
i1nU5y2Ki0tJU5NsmVMcqpMPObkuEOY2ISsDSGOUObCSLm1X6+pCa0vBUoUK9gtX
0D41ZWr9dM+RPvvIw3M6DTx2OUTY9s7O4J+Zq1TBAug8ady1edgYnA6ejJ+zIxvv
pvMRRZ9PmSBDK3RF3TqK
=j8S/
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: