[VIM] zoo - amavis - barracuda cross-ref problems

Steven M. Christey coley at linus.mitre.org
Wed Jul 25 21:46:11 UTC 2007


CVE didn't pick up SA25315, and we didn't independently notice the AMaViS
advisory, which is why it wasn't mentioned.  The phrasing for 2007-1669
definitely could have been better, instead of emphasizing Barracuda so
much.  I've changed both CVEs to mention AMaViS specifically.

Note that the AMaViS advisory implies that the problem only occurs when
AMaViS is installed on a system that already independently has the
vulnerable ZOO software.  So, this isn't necessarily a case of borrowed
code appearing in AMaViS, rather a defense-in-depth measure like when
Mozilla recently defended itself against the IE argument injection issue.

- Steve


More information about the VIM mailing list