Bug#838960: denial of service with crafted id3v2 tags in all mpg123 versions since 0.60
Thomas Orgis
thomas-forum at orgis.org
Tue Sep 27 15:59:01 UTC 2016
Am Tue, 27 Sep 2016 10:27:04 +0100
schrieb James Cowgill <jcowgill at debian.org>:
> Does this have a CVE ID? If not it should get one.
I wondered about that. At the moment I just acted on the bug report and
pushed the fix. I have to personal experience with the CVE procedure.
In the past, just "someone" made them appear.
I tried to apply for a CVE using the horrific Google docs form
(http://iwantacve.org/) now. How can they resort to such a third-party
ECMAScript-fest instead of a simple HTML form for _security_ issue
reporting?!
Not sure if/when I'll get a response to that.
Alrighty then,
Thomas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale Signatur von OpenPGP
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20160927/8d4c4bbb/attachment.sig>
More information about the pkg-multimedia-maintainers
mailing list