[VIM] Xerox, redundancy and being vague..
Steven M. Christey
coley at linus.mitre.org
Mon Jul 25 17:50:09 EDT 2005
On Fri, 22 Jul 2005, security curmudgeon wrote:
> Wonder if they are cut and paste happy or if an identical set of vulns was
> found a month later? Based on the version info, i'd hazard a guess that
> the 006 vulns were found in the Color 2128/2636/3545 version, then
> subsequently found in other products. Thoughts?
That would be my guess.
In CVE, if we come across two vague - but distinct - advisories from the
same vendor, without any cross-references or indications that they are
fixing the same issues, we use different identifiers and make sure to flag
them as vague.
- Steve
More information about the VIM
mailing list