[VIM] Question regarding ZDI-12-017's CVE
ZDI Disclosures
zdi-disclosures at tippingpoint.com
Mon Jun 11 14:06:46 CDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Thank you for the insight. I did not know this.
I had just pinged Oracle for CVE's related to tomorrow's patches they are
releasing. I will go ahead and ask for this one as well. Any others that
ZDI was a part of that you'd like Oracle CVE's for?
Regards,
The ZDI Team
- -----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org]
Sent: Monday, June 11, 2012 1:56 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: Re: [VIM] Question regarding ZDI-12-017's CVE
On Mon, 11 Jun 2012, ZDI Disclosures wrote:
: Oracle does not always provide us with the associated CVE #. We have not
: received one for this case.
According to the main guy who coordinates their advisories, if the
researcher asks for the CVE association, Oracle will give it. However, if
a third party asks for it, they will not divulge the CVE association.
Ridiculous policy, and I have challenged them on it many times, but it
prevents us from finding out. Any chance you could ask them?
Thanks!
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 10.2.0 (Build 1950)
Charset: utf-8
wsBVAwUBT9ZBwlVtgMGTo1scAQKSVgf7B2lqvPwhnpPgNVajqFSCQqJoir6aXVrw
p4NB92zhfscGcjnSM4IOpkSHayIvkQ3SkTAbt1RVIRYH+Brlb8VtQO/EfLb8BOp5
ELm+8V/jD2/U/XWUtQiFJKXG1hziwOiFIFy330fgghS8Ir/R4JX4OqGbJMhRM8dt
z8RJYdD/cUuHvV0U88Z56GncadkzAPUePr5zYq/29oE29LMcDjxzewVDXhnD/l7j
jRq5zI0mBWNeGkoKzgo3hsUBu6tp5brACN/uE9ePQqkTPRHILA/5azfudY36wzq7
LiyT6Jz9YHGQuGFvq12Gq7dDD5i2Sak3xCfj1mOyBHCcYk1cebNCkw==
=JitA
-----END PGP SIGNATURE-----
More information about the VIM
mailing list