Comment 5 for bug 930700

After discussing it with other members of the Ubuntu Security Team, I still believe this does not warrant an addition CVE number, as the buggy version only made it into the Debian and Ubuntu archives briefly and were not included in any formal released version.

However, if you disagree with this opinion, you can always ask for a CVE assignment on the oss-security email list http://oss-security.openwall.org/wiki/mailing-lists/oss-security . Either way, any proposed fix to vdr should include both commits that I listed above.