[VIM] Vendor dispute - CVE-2006-1050 (Kwik-Pay)
Steven M. Christey
coley at linus.mitre.org
Thu Feb 15 18:51:46 EST 2007
Well, I just got another email from the developer asking me to remove the
X-Force item that was apparently deleted (which we won't, because of
historical reasons, not to mention that the dispute is still pending), and
to change the description because it doesn't match what SECUNIA:19075
says. But it says "The security issue has been confirmed in version
4.2.20... Update to version 4.2.22." Which sure sounds to me like there
used to be an issue and now there isn't. Does anybody know of a changelog
I eagerly await their reply.
By the way - does anybody record retracted disputes? We have "* DISPUTED
*" in the description only while the dispute is active, but I know we've
had a number of retractions.
More information about the VIM