Hi Guido, On Sat, Sep 30, 2017 at 08:17:50PM +0200, Guido Günther wrote: > Security team, if the CVE is in mp3splt not libvorbis do we need to give > back the CVE and request a new one? Is doing this via
If you think the CVE was wrongly assigned, can you please contact MITRE (via the form method) please? Please give as much details as you found out (e.g. the above fix in mp3split indicating it actually might be an issue in mp3split using libvorbis wrongly). Regards, Salvatore
