Thanks! I requested IETF Last Call of version 08.

Ben.

> On Jul 26, 2017, at 12:09 AM, Jean-Marc Valin <[email protected]> wrote:
>
> Just submitted version -08 addressing your last set of comments. See
> below for details.
>
> On 26/07/17 12:41 AM, Ben Campbell wrote:
>> I suggest adding a sentence to the effect of the following after “…
>> associated text description.”:
>>
>> "That RFC includes the reference decoder implementation as Appendix
>> A."
>
> Done.
>
>>> This document fixes two security issues reported on Opus and that
>>> affect the reference implementation in RFC 6716 [RFC6716]: CVE-
>>> 2013-0899 and CVE-2017-0381. CVE-2013-0899 is fixed by Section 4
>>> and could theoretically cause information leak, but the leaked
>>> information would at the very least go through the decoder process
>>> before being accessible to the attacker. Also, the bug can only
>>> be triggered by Opus packets at least 24 MB in size. CVE-2017-0381
>>> is fixed by Section 7 as far as the authors are aware, could not
>>> be
>>
>> Is there a missing word? It’s not clear if you mean to say that as
>> far as the authors are aware it is fixed, or as far as the authors
>> are aware it could not be exploited.
>
> There was indeed a missing "and":
>
> CVE-2017-0381 is fixed by Section 7 and, as far as the authors
> are aware, could not be exploited in any way...
>
>> Can you add some context about the CVEs, such as where they are
>> reported and where they can be found?
>
> Added links to the CVEs
>
>> So, as I looked at the XML diff, I realize the emphasis is added
>> using XML tags rather than by hand entering the underscores. So I may
>> have been incorrect to say they have no meaning in the context of an
>> RFC :-) I think the text is still better without them, but do not
>> have strong feelings if you prefer to keep them.
>
> I agree that the underscores weren't adding much, so I'm leaving them out.
>
> Cheers,
>
> Jean-Marc

_______________________________________________
codec mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/codec
