[VIM] The next IBM DB2 mess...
security curmudgeon
jericho at attrition.org
Tue Sep 23 03:38:43 UTC 2008
Trying to track down and do the x-ref mess. Ran into one CVE dupe most
likely (2008-0698 / 2007-3676). The question originally was if 2008-3853
crosed with OSVDB 48146. Here is a list of APARs, CVEs and relevant notes
and fix info:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3853
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ12406
irst fixed in DB2 UDB Version 9.5, FixPak 1
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ10033
irst fixed in DB2 UDB Version 8.2, FixPak 16
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ12379
First fixed in DB2 UDB Version 9.1, FixPak 4a
OSVDB 48146 / CVE-NO-MATCH ?
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22190
Problem was fixed in Version 9.5 Fix Pack 2
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22004
Problem was first fixed in Version 8.2 Fix Pack 16
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ22188
Problem was fixed in Version 9.1 Fix Pack 5
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-0698
http://www-1.ibm.com/support/docview.wss?uid=swg1IZ05496
First fixed in DB2 UDB Version 8, FixPak 16
http://www-01.ibm.com/support/docview.wss?uid=swg1IZ05478
First fixed in DB2 V9.1 fixpak 4 (FP4)
This APAR addresses the issues described by CVE-2007-3676 at
cve.mitre.org
Based on that, 2008-3853 and OSVDB 48146 seem different, since in each
case the vuln was fixed in different versions 2 of the 3 times. Based on
that, OSVDB is keeping two entries for these.
The note in APAR 05478 (CVE 2008-0698) makes it pretty clear it crosses
with 2007-3676 though
More information about the VIM
mailing list