[VIM] Vendor dispute - CVE-2006-1050 (Kwik-Pay)

Steven M. Christey coley at linus.mitre.org
Thu Feb 15 18:51:46 EST 2007


Well, I just got another email from the developer asking me to remove the
X-Force item that was apparently deleted (which we won't, because of
historical reasons, not to mention that the dispute is still pending), and
to change the description because it doesn't match what SECUNIA:19075
says.  But it says "The security issue has been confirmed in version
4.2.20...  Update to version 4.2.22."  Which sure sounds to me like there
used to be an issue and now there isn't.  Does anybody know of a changelog
entry?

I eagerly await their reply.

By the way - does anybody record retracted disputes?  We have "* DISPUTED
*" in the description only while the dispute is active, but I know we've
had a number of retractions.

- Steve


More information about the VIM mailing list