[VIM] verifiable vendor acknowledgement for Orenosv overflows
Steven M. Christey
coley at mitre.org
Wed May 18 01:24:11 EDT 2005
Regarding the Orenosv server overflows as reported by SIG^2 in early
May (CAN-2005-1666, forthcoming):
http://www.security.org.sg/vuln/orenosv081.html
Vendor acknowledgement is claimed in the SIG^2 advisory, and
verifiable by the vendor home page:
http://hp.vector.co.jp/authors/VA027031/orenosv/index_en.html
The vendor front page includes a Status item for version 0.8.1a, dated
5/7/2005 (obviously May 7 instead of July 5, since this page was
viewed on May 18), which says "Security DoS: Fixed vulnerabilities
reported by Tan Chew Keong" (i.e., SIG^2).
- Steve
More information about the VIM
mailing list