[VIM] Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities

Steven M. Christey coley at linus.mitre.org
Wed May 21 07:53:32 UTC 2008


On Tue, 20 May 2008, ascii wrote:
> The wrong attribution of CVE-2008-2276 before our official advisory
> strengthen our conviction that responsible disclosure isn't always
> fair.

Just to let you know - we created the CVE after Secunia found a changelog
entry (at the CONFIRM in our references section).  We did not know
anything else about the other issues, but there was enough information in
the changelog to know that there was some vulnerability.  Your advisory
will provide additional details for CVE-2008-2276, and we'll be adding it
as a reference... plus, adding the other issues that you mentioned as
separate CVEs.

- Steve


More information about the VIM mailing list