[VIM] Why are SE38042 and SE38043 APARs related to security?
Rob Keith
rkeith at securityfocus.com
Thu Jun 11 20:43:02 UTC 2009
Hey Steve,
When we first saw those two APARs they had Security in the title:
SE38042 - JVA-RUN JDK6.0 XML SECURITY PATCH IBM
SE38043 - JVA-RUN JDK6.0 XML SECURITY PATCH IBM
They've obviously been updated since then. Perhaps it was a mistake initially, or...
If it's shown that there is no security impact we will retire the BID.
-Rob
Steven M. Christey wrote:
> Could anybody explain to me why Secunia, Vupen, SecurityFocus, and ISS all
> created vulnerability database entries for APARs SE38042/SE38043 when
> neither of these APARs mentions anything about security at all? I don't
> see any ties to any "parent" document that says these are security
> patches.
>
> Am I missing something obvious? We only have two APARs of the form
> "SEnnnnn" in all of CVE.
>
> We're going to create a CVE for it since everybody else is talking about
> it, but it makes me really queasy. We all have enough problems without
> labeling references as security issues when they don't even use the word,
> where the only content is "XML Update."
>
> Thanks for any clarification,
> Steve
--
Rob Keith
Symantec