[VIM] Bitten by Mantis?

security curmudgeon jericho at attrition.org
Wed Aug 24 17:55:46 EDT 2005


: For those who operate at a low level of detail for your vuln reports, 
: watch out for the recent Mantis bugs.  The Mantis changelog at 
: http://www.mantisbt.org/changelog.php and Debian's "diff" file have 
: inconsistencies regarding what was, or was not, fixed.  Only 1 out of 4 
: separate bugs seems to be covered by both Debian and the original Mantis 
: developers.  I have an inquiry into Debian for clarification, since it's 
: not clear which issues CAN-2005-2557 should deal with.

I noticed this when creating four entries for OSVDB. Two of the four have 
corresponding changelog that I saw (one was based on a small assumption 
due to vague wording, but creditee matched). Two of the issues were not 
referenced in the changelog, and only 1 of 4 bugzilla entries referenced 
by Secunia were public.


More information about the VIM mailing list