[VIM] RubyGems dupe CVE assignment? (for BID / CVE)

security curmudgeon jericho at attrition.org
Wed Oct 2 17:49:42 CDT 2013


Dinesh,

On Tue, 1 Oct 2013, Dinesh Theerthagiri wrote:

: CVE-2013-4287 and CVE-2013-4363 are both different issues.

I see the confusion now. First, OSVDB does not split in these cases as CVE 
does if the incomplete fix was quickly discovered and properly fixed. If 
enough time lapses, or the fix introduces additional concerns, we will 
split.

: And Credit given in the osvdb link is wrong. If you go through the link :
:  http://seclists.org/oss-sec/2013/q3/576
: 
: "This vulnerability was discovered by Damir Sharipov <dammer2k () gmail com>".

Yep, our mistake. I have fixed 97163 to reflect this. Thanks for the 
pointer!


