From jericho at attrition.org Wed May 23 13:41:09 2012
From: jericho at attrition.org (security curmudgeon)
Date: Wed, 23 May 2012 13:41:09 -0500 (CDT)
Subject: [VIM] OT/Humor - worst advisories of 2012?
Message-ID:

http://attrition.org/security/rants/vulnerability-lab/

Vulnerability Research Labs - Most Worthless Advisories Award, 2012
Wed May 23 01:24:30 CDT 2012

From jericho at attrition.org Thu May 31 16:28:16 2012
From: jericho at attrition.org (security curmudgeon)
Date: Thu, 31 May 2012 16:28:16 -0500 (CDT)
Subject: [VIM] CVE-2012-2951 - believe this is a dupe
Message-ID:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2012-2951

I think the above is actually a dupe to:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-6587

I have updated OSVDB 39764 with this tech note:

This vulnerability was re-discovered May 21, 2012 but no version was listed. Based on the vendor's page, availability of 1.0-RC1 was made after the initial disclosure and confirmed to have included changeset 489, which fixes the vulnerability. However, the 2012 disclosure indicates that the vulnerability was tested against the plogger.com demo site which likely was not upgraded to 1.0-RC1. Based on that, OSVDB believes that this is a duplicate issue.