[VIM] Xerox, redundancy and being vague..

Steven M. Christey coley at linus.mitre.org
Mon Jul 25 17:50:09 EDT 2005


On Fri, 22 Jul 2005, security curmudgeon wrote:

> Wonder if they are cut and paste happy or if an identical set of vulns was
> found a month later? Based on the version info, i'd hazard a guess that
> the 006 vulns were found in the Color 2128/2636/3545 version, then
> subsequently found in other products. Thoughts?

That would be my guess.

In CVE, if we come across two vague - but distinct - advisories from the
same vendor, without any cross-references or indications that they are
fixing the same issues, we use different identifiers and make sure to flag
them as vague.

- Steve


More information about the VIM mailing list