Am Wed, 5 Oct 2016 21:34:49 +0200
schrieb Salvatore Bonaccorso :
> Any news from the DWF project on the assigned CVE?
Nothing. I got the initial request to accept the MITRE Terms of Use for
CVE from the person handling my case (I assume). I replied to the mail
at 2016-09-30.
Hi Thomas,
On Fri, Sep 30, 2016 at 08:05:14AM +0200, Thomas Orgis wrote:
> Am Thu, 29 Sep 2016 01:20:05 +0200
> schrieb Thomas Orgis :
>
> > Still nothing. I don't expect anything to arrive anymore. Perhaps that
> > Google Docs form was a joke anyway. So, please let's
Am Thu, 29 Sep 2016 01:20:05 +0200
schrieb Thomas Orgis :
> Still nothing. I don't expect anything to arrive anymore. Perhaps that
> Google Docs form was a joke anyway. So, please let's just get a number
> via Debian and get on with it.
Nope, eh … yes. I got a reply now
Am Tue, 27 Sep 2016 22:39:21 +0200
schrieb Thomas Orgis :
> Well, so far I did not get a response from http://iwantacve.org/
Still nothing. I don't expect anything to arrive anymore. Perhaps that
Google Docs form was a joke anyway. So, please let's just get a number
via
Am Tue, 27 Sep 2016 18:50:35 +0200
schrieb Florian Weimer :
> Debian is a CNA-covered product, mpg123 is part of Debian,
> so it is unclear what to do here. I'll ask around.
Well, so far I did not get a response from http://iwantacve.org/
(linked from
* Thomas Orgis:
> Am Tue, 27 Sep 2016 10:27:04 +0100
> schrieb James Cowgill :
>
>> Does this have a CVE ID? If not it should get one.
>
> I wondered about that. At the moment I just acted on the bug report and
> pushed the fix. I have to personal experience with the CVE
Am Tue, 27 Sep 2016 10:27:04 +0100
schrieb James Cowgill :
> Does this have a CVE ID? If not it should get one.
I wondered about that. At the moment I just acted on the bug report and
pushed the fix. I have to personal experience with the CVE procedure.
In the past, just
Control: severity -1 grave
Control: tags -1 security fixed-upstream
Control: found -1 0.60-1
Hi,
On 27/09/16 06:47, Thomas Orgis wrote:
> Package: mpg123
>
> This is mpg123 upstream formally informing you of a vulnerability
> (crash on illegal memory read) in all mpg123 versions since 0.60, so
Package: mpg123
This is mpg123 upstream formally informing you of a vulnerability
(crash on illegal memory read) in all mpg123 versions since 0.60, so
very likely all debian versions of mpg123 and libmpg123 are affected.
See more detail at http://mpg123.org/bugs/240 . A one-line fix for any
9 matches
Mail list logo