[VIM] ZDI duplicate CVE assignment between 2 advisories?
security curmudgeon
jericho at attrition.org
Mon Jan 7 13:44:36 CST 2013
While ensuring we have a complete mapping to ZDI advisories, ran across
two that have the same CVE identifier, yet were released months apart:
http://www.zerodayinitiative.com/advisories/ZDI-11-311/
http://www.zerodayinitiative.com/advisories/ZDI-12-136/
Based on the details available, they seem to be different issues that
should not share the same CVE identifier. ZDI-12-136 does not indicate
when it was fixed exactly, instead referencing the default Apple security
update page.
Are these truly the same issue, or was there an incorrect CVE assignment?
Thanks,
jericho
More information about the VIM
mailing list