[VIM] Apple OS X ATSServer CFF CharStrings INDEX Sign Mismatch

rkeith rkeith at securityfocus.com
Fri Nov 19 14:22:24 CST 2010


Definitely some confusion all around on this one.

Apple's first issue of that advisory didn't include CVE-2010-4010, and there was no changelog, or indication
that the advisory was updated after that fact. We only noticed the existence of that CVE today when Mitre published it.

We'll retire 44984 shortly as a duplicate of 44729.

-Rob

On 11/19/2010 12:36 PM, George A. Theall wrote:
> Core Security's advisory recent Mac OS X advisory
> (http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch)
> seems to be creating confusion. For example, there's this entry in their
> timeline:
> 
>   "2010-11-11: Apple informs Core that due to a clerical error they used
> the identifier CVE-2010-1797 for their advisory, instead of
> CVE-2010-4010. "
> 
> Fortunately, this doesn't seem to have introduced any problems with the
> two CVE entries themselves. Had you noticed this, Steve?
> 
> SecurityFocus, though, has two BIDs that seem to be for CVE-2010-4010 --
> BID 44729 created last week and BID 44984 created today. Rob?
> 
> 
> George

-- 
Rob Keith
Symantec


More information about the VIM mailing list