[VIM] Question regarding ZDI-12-017's CVE

ZDI Disclosures zdi-disclosures at tippingpoint.com
Thu Jun 21 14:52:43 CDT 2012



Hello,

Great idea. We are always looking for ways to improve our program. This
certainly makes sense to explore as it would be most helpful to all parties
involved.

Your timing is impeccable. I just received the response from Oracle with
the missing CVEs.  We will update the website with these as well but that
will take some time. Until then, I have included them below for your
records as well.

Let me know if you need any additional CVEs from our disclosures.

Regards,
The ZDI Team

ORACLE CVEs

> ZDI-12-083; ZDI-12-082; ZDI-12-081
> No CVE. Blacklisted binaries signed by Sun

> ZDI-12-074
--> CVE-2012-1709
>
> ZDI-12-073
--> CVE-2012-1710
>
> ZDI-12-039
--> CVE-2012-0500

> ZDI-12-038
--> CVE-2012-0508

> ZDI-12-037
--> CVE-2012-0500

> ZDI-12-032
--> CVE-2012-0498

> ZDI-12-017
--> CVE-2012-0110

-----Original Message-----
From: security curmudgeon [mailto:jericho at attrition.org] 
Sent: Thursday, June 21, 2012 1:57 PM
To: ZDI Disclosures
Cc: vim at attrition.org
Subject: RE: [VIM] Question regarding ZDI-12-017's CVE


: I have sent an additional request to Oracle as I note we have 9 
: published advisories without CVE#s from them. I hope they will respond 
: in a timely manner and I will forward on the CVEs as soon as I receive 
: them

Excellent!

Given how many advisories you guys release, may be worth your time to 
inquire with CVE about becoming a CNA. If you could assign a CVE at the 
time of research and include it when contacting the vendor, it would be 
very helpful for all parties. I mention this because I ran into a big 
group of advisories (~ Feb, 2011) that did not have them. The common theme 
was that each issue was being published after 180 days of no patch, as per 
your policy.



